Backup- and Contingency Planning

The organization should plan for potential (temporary) disturbances to the workforce as well as reduction of staff during other daily activities such as breaks, running of errands etc.

These plans should cover at a minimum the following situations:

1) Onsite or offsite backup for critical functions during normal breaks and other short activities.
2) Temporary reduction in capacity/capability due to emergency leave (e.g. medical leave).
3) Potentially longer-term reduction (e.g. staff resignation).

Staff shortage plans could be managed in a variety of ways such as hiring (temporary) freelancers and/or vendors or running at a higher risk- and/or reduced services level if so agreed to by the customer. The organization should ensure that hiring outside staff is not violating security policies and SLAs (e.g. assignment rights).

The organization should prepare for emergencies such as a pandemic. Policies and procedures should address at the minimum:

1.) A&B teams.
2.) Remote work.
3.) Limits for on-site vendors/suppliers/contractors/customers.
4.) Usage of additional PPE (e.g. face masks, gloves, glasses).
5.) Communication protocols.
6.) Escalation plan/chart (e.g. code yellow, orange, red).