The IT contingency plan is a kind of manual that contains instructions for action and emergency measures in the event of problems with IT. With the help of the IT contingency plan, downtime can be shortened and the damage caused by IT problems can be minimized.
What is an IT contingency plan?
The IT contingency plan is intended to limit or avert damage to organizations, companies, or individuals in the event of sudden events and problems in the IT environment. It is a kind of manual with a catalog of measures to be implemented and instructions for action.
The emergency plan often takes the form of checklists, which are to be worked through depending on the event in question. Events for which an emergency plan is used are, for example, power failures, technical malfunctions, fire, natural hazards, burglary, vandalism, hacker attacks, criminal acts, personnel failure, or operating errors. Thanks to the plan, the organization or company can respond appropriately and quickly to each of these events.
The content of the emergency plan includes technical instructions, responsibilities, alert chains, lists of measures, communication regulations, contact information, or measures for the rapid procurement of spare parts. The emergency plan always includes both technical and organizational information. In order to draw up a plan for emergencies, the following questions must be answered in advance:
- What are the effects of the failure of a particular IT system?
- What downtimes are to be tolerated?
- What is to be done to restore the function of the systems?
- Who is to be informed in the event of problems?
- How can people or companies be reached?
What are the objectives of the IT contingency plan?
The IT contingency plan provides a guide for acute problems and pursues the goals of minimizing downtime and limiting financial or other damage.
In the event of an emergency, it helps employees of the organization to maintain an overview and to act according to previously defined patterns. To this end, it provides both concrete instructions for action and organizational information about responsibilities or persons to be alerted.
Since modern companies cannot afford extended IT downtimes without financial losses, emergency plans are one of the elementary components of effective risk management. They prevent thinking about potential problems and impacts only after a specific event has already occurred.
By dealing with potential risks in advance, contingency plans help identify risks and eliminate them through proactive measures. Contingency plans prevent long interruptions of important business processes and jeopardize the economic existence of the company.
What should the IT contingency plan contain?
The IT contingency plan contains clear regulations on the responsibilities and accountabilities in the event of the occurrence of certain events and emergencies. It describes who is to take which measures and who is to be informed if necessary. At the same time, it names the deputies for the various roles.
Other important contents include information on technical documentation. Although there is no detailed documentation in the emergency plan itself, the plan does provide information on where documentation is stored. Checklists are also part of the plan, providing those affected with the individual steps to be taken. Contact and access lists with all the necessary information such as telephone numbers, passwords, key locations, or access IDs should not be missing. The following is a brief summary of the most important contents of an IT emergency plan:
- Directory of all documentation and information relevant to emergencies
- Checklists with recommendations for action
- Checklists for fault isolation and problem analysis
- Possible workarounds and emergency operating procedures
- Procedures for restoring function
- Contact lists
- Alarm chains and alarm plans
- List of emergency-relevant access data and access information
- Substitution arrangements
Example of an IT emergency plan
IT emergency plans can be drawn up for a wide variety of events. The following is an example of actions and information for an emergency plan in the event of an IT power outage. The plan addresses who is to report the power outage to whom. This includes reporting to the power provider as well as to those responsible for management.
Checklists allow employees to quickly determine which systems are affected by the power outage and whether any existing backup power systems have kicked in. If necessary, instructions are included to manually start up emergency power systems such as generators. At the same time, measures are listed to continuously query how long the emergency power systems will continue to operate.
The emergency power systems can be designed in such a way that the emergency plan allows a controlled shutdown of the servers and IT systems. Once the power failure has been repaired, the emergency plan specifies the order in which the systems are to be restarted and how the test for correct functioning is to be carried out. For extreme situations, the emergency plan also includes measures for particularly long power outages, such as relocating hardware to other premises.