There is a widespread illusion that the subject of disaster planning deals only with the set-up at an alternate site should the primary site burn, be destroyed by natural calamity, or otherwise become inoperative. Disaster planning deals with these topics, of course. But from the outset, it would be useful to establish an entirely different definition for “disaster.” If it can be said that a “disaster” can appear in a variety of forms, in degrees of severity, then it should be apparent that we must explore the topic from the perspective of “contingency.”
A “contingency” is, by definition, something out of the ordinary. It may be as extreme as a fire or it may be so minute as improper access to confidential data. At either extreme, the existence of the contingency has deleterious consequences for the organization to which it happens. For the entire spectrum, there must be a plan of detection, correction, and recovery—and the latter may be the most dangerous.
We have not yet arrived at a universal understanding of the value of the information asset. Some have, of course. Most have not. Most still perceive that the information processing activities of the organization are but the record-keeping aspects of the asset and not the asset itself.…
Because we do not yet treat information in the same class as gold, it is often difficult to convince senior-level management of the sensitivity of the issue. Because there is not as much conviction, it is much easier to “play the odds,” assuming that “that can never happen to us.” Unfortunately, the record shows that it can indeed happen to us—all of us; if it hasn’t happened yet, it may occur next year, or even the next. Thus, the first step towards assessing the risk is a recognition of the inevitability of some form of contingency.