The contingency planning policy establishes the rules for an organization whereby it is able to effectively recover from an IT event that can range from a small service disruption to a catastrophic event where data processing capabilities have been rendered inaccessible.

What the contingency planning policy should address: the establishing, maintaining, and effectively implementing plans for emergency response, backup operations, and post-disaster recovery for organizational information systems to ensure the availability of critical information resources and continuity of operations in emergency situations.