The measures we’ve discussed thus far will prepare you for most natural disasters, but what about smaller disasters and accidents? There’s no way to prevent every accident, but some minor preparations can minimize the impact of any eventuality.
Protect Critical Organization Logins
Here at TechSoup Global, we employ a simple policy for staff passwords. For any service or application that directly impacts outside users, we don’t select the “Remember my Password” or “Keep me Logged in” options. For example, although we may let our FTP clients store the passwords for our internal FTP site, we always manually log in to the FTP site where we house our website. This simple rule keeps staff from accidentally deleting important files from the website.
Similarly, when you’re working in your donor database or website, log out of the application when you leave your desk. These policies aren’t only about protecting your systems from vandalism; they also protect your systems from simple human error.
Have a policy in place for when your organization’s relationship with an employee ends, and make this policy available to any employees who would like to see it. Here are some examples of the sorts of things this policy should include:
Archive the former employee’s email (don’t delete it). Forward the email address to the former employee’s manager.
Change any passwords that the employee had access to, including passwords for the organization’s presence on any social networking sites. If applicable, have the employee make a list of any accounts and passwords he set up on behalf of the organization.
Back up the former employee’s computer. Reformat it before giving it to another employee.
Keep a list of up-to-date email addresses for former employees. This is useful for two reasons. First, it allows you to forward any personal messages an employee might receive at his old email address. Second, you might discover in a disaster that the employee forgot to document a crucial piece of information.
These measures do not denote mistrust of the former employee. An end-of-employment policy provides for the smooth, professional transition that all workers deserve.
Here’s a quick checklist to keep track of your progress in implementing the strategies covered in this guide. Not every item on the checklist applies to every organization. As you work through the disaster-planning process, be sure to document new technologies and strategies that you implement, and keep staff informed of new procedures and policies.
Develop an end-of-employment policy and make it available to employees
Part II: Disaster Recovery
Part II is intended for organizations trying to recover their IT systems after or during a disaster. We’ll start by discussing triage, the process of choosing priorities and determining which programs you must continue through the recovery process and which ones can be slowed or paused. Next we’ll discuss how to recover or replace hardware, your network, Internet access, and your website.
In Chapter 7, we’ll offer some tips for repairing a broken computer. In Chapter 8, we’ll recommend options for donated, discounted, borrowed, and shared technology. Chapter 9 consists of worksheets and instructions to guide you through post-disaster impact analysis and triage.
There’s no way that one book could include instructions for responding to every disaster or accident that could befall an NGO or public library. In developing this guide, we’ve chosen to favor information and techniques that can apply to a wide range of organizations, which in some cases has meant a sacrifice of depth in particular topics or recommendations for organizations in particularly unusual circumstances. We’ve included links to several outside resources, and we also encourage you to add your own resources via the tsdp tag in Delicious.
Recovering from a disaster is difficult even in the best of circumstances. Yet while technology is unlikely to be your top priority after an earthquake, fire, flood, or other catastrophe, taking a few minutes to address some key issues will help your organization recover, returning quickly from crisis management to normal day-to-day operations.
The fear and panic that often accompany a disaster, combined with a need to make quick decisions, makes it difficult to go through a thorough, in-depth assessment and planning process. If you have a lot of time to think about your priorities, there are some excellent resources available, which we’ll point you to in later chapters; however, in this chapter, we’ll assume that you’re deciding your priorities in a hurry. We’ll also assume that you don’t have a document that spells out your recovery priorities. If you do have that document, look there first. The following suggestions might make a good supplement, but the recovery priorities that you and your colleagues decided upon in the calmer times that preceded the disaster will probably give you better guidance than the generic suggestions here.
Safety and communication are the highest priorities in any crisis or emergency. Are you and your colleagues, friends, and family members all in a safe, secure location? Do you have the food, water, clothing, and medical care that you need?
Communicating with friends, family, colleagues, and emergency responders comes next. If you need help, is your message getting to emergency responders, disaster relief agencies, and others? If you’re safe, you need to broadcast that message as well so that loved ones and emergency responders don’t worry unnecessarily and devote resources to you that should be going elsewhere. Furthermore, most disasters and emergencies are fast-moving, evolving situations where updates about weather, food supplies, disaster response, and other factors can make the difference between life and death. In an emergency situation, communication has to be two-way.
Third, consider your program and service priorities. Who are your constituents and what services do they rely on? Which key financial systems (like accounting, payroll, grant management, and reporting) does your organization need for day-to-day operations? Is your donation-processing system functioning? Donors may be rushing to help you in an emergency, so it might be vital that you recover this system quickly. Also, it’s always much easier to discuss and document your priorities before a disaster occurs. It’s still necessary and valuable to consider priorities after a disaster, but the pressure of an emergency situation makes it hard to see the big picture.
Of course, this sequence — safety, communication, priorities, recovery — is an ideal one. Circumstances might prevent you from fully assessing your situation and prioritizing among competing options. For example, you might find yourself waiting in your office for an all-clear signal, unable to reach your IT personnel. In these situations, you can still take steps to diagnose and repair damaged systems.