Talk to just about anyone in IT, and they’ll tell you that IT equipment can and does fail. In fact, they’ll likely regale you with horror stories of times when things went badly wrong at work and there was no plan in place to deal with it, and how they had to work on restoring systems while essentially flying by the seat of their pants.
Making sure this doesn’t happen is a matter of putting contigencies in place to deal with emergencies effectively and quickly when – not if – they happen.
Contingency planning goes hand in hand with risk assessment, another essential part of any business plan. The point of having contingencies in place is so that businesses can jump into managing disasters intelligently right away per pre-agreed-upon steps rather than panicking and spending valuable time trying to figure out where they should start.
But even more importantly, contingency planning is there to preserve the organisation itself in case the very worst happens. Thus, it’s not just a good idea, it’s essential to the long-term survival of any business.
So, how should you go about coming up with one? Let’s get into that right now.
What to do, what to do?
Establishing what should be done in the event of an IT-related emergency is a case of identifying the actions, resources and procedures that will be needed to successfully address even the very worst IT-related disasters.
Essentially, businesses need to ask themselves three questions:
What’s the worst that can happen?
What are we going to do about it if it does?
Is there anything we can do before it happens to prepare ourselves for it?
That involves imagining the very worst things that could possibly happen to your business’s servers, laptops, desktops, printers and any other electronic equipment you might have, and imagining what you’d have to do to recover from their loss, or to restore them back to working order.
To do that, management should look closely at employees and their roles and skills and assign responsibility for the necessary steps accordingly. Strong communication of what those steps are is vital here, as is having a dedicated communication system in place so that all involved stakeholders can stay in constant touch throughout the crisis.
If you do nothing else, put plans in place to ensure minimal disruptions to business-critical services; servers are usually the focus of those services so prioritising getting a plan in place to sort those out as quickly as possible is wisest.
Three phases to success
International contingency planning best practice states that solutions should be rolled out in three stages.
The first stage is notification and activation. It is here where damages are detected and evaluated, the relevant staff members and external stakeholders are notified and the actual plan itself is set in motion.
The second is recovery. This is where temporary solutions are put in place and activated, restoring affected systems temporarily so that services can resume for both staff and customers. This is also where the long-term recovery process begins.
This second phase is the most important of the three and needs to be set out in detail, as this is the practical “How” of the recovery process. Knowing what each step is in detail is essential to any successful recovery scenario.
The third and final phase is known as the “reconstitution phase”, where affected IT systems are brought back online and normal operations are resumed.
Just do it
It’s very easy to outline the three steps needed for any contingency plan to work, but establishing what exactly needs to be done is going to be incredibly difficult.
It will require a great deal of teamwork and clear communication between all stakeholders, as today’s IT environments are a lot more complex than they were even a few years ago.
Businesses that don’t have contingency plans in place currently are encouraged to sit down with their senior IT people and hash something out post haste.
That plan could someday be the difference between a relatively quick outage and minimal bottom line impact, and the business going under completely.