3. Applying the Chosen Planning Methodology

Definitions

Primary threat

A primary threat is any hazard which, should it give rise to an event, has the potential to interrupt business operations for an unacceptable length of time.

Secondary Threat

A secondary threat is a hazard which, should it give rise to an event, has the potential to cause considerable inconvenience, for any length of time, without causing serious interruption to business operations.

Disaster

In relation to business contingency planning, a disaster is an event which results in an unplanned and prolonged disruption in one or more business processes.

In relation to business contingency planning, terms such as 'emergency', 'incident', 'adverse event' and 'disaster' are used as interchangeable descriptions of similar occurrences.

Insurance and contingency planning

Insurance provides financial compensation, after the event, for a physical, or business related loss. The amount of compensation is calculated after thorough assessment following the incident giving rise to the loss. There is often a period of negotiation between loss adjusters and loss assessors, working on behalf of the insured and the insurer, before a settlement is reached. The cash compensation is then paid to the insured party.

Insurance has a very important role, but there are almost no cases where insurance alone will enable a company to resume its business activities within an acceptable time after a disaster or serious disruption.

Certain insurance policies, such as 'business interruption insurance', can provide funds to operate a pre-planned 'recovery' or business contingency plan.

A well-prepared business contingency plan will enable the business to begin a phased recovery immediately after the occurrence of a disaster. Insurers generally recognise the advantages of well prepared contingency plans, which can considerably reduce the total cost of a 'disaster'.

Operational risk and contingency planning.

Operational Risk includes assessment of all categories of loss which could affect the business and all of its assets.

Loss of confidentiality, loss of integrity, loss of availability, as well as consequential losses, all have to be considered.

The MSTA view is that a contingency plan addresses only the loss of availability of vital resources that are needed to perform essential business processes.

Operational Risk management must take into consideration the reasons for loss of availability of vital resources. Loss of confidentiality, such as the unauthorised reading of customer information by a third party, could result in the additional risk of claims for damages from customers. Loss of integrity, such as corrupted computer data, could result in costly investigation and repair bills, as well as direct financial loss due to incorrect data files.
The Contingency planner does not consider the reason for loss of availability of a vital resource. The contingency plan simply provides an alternative environment and/or alternative resources with which to resume the business processes.