If you’re using another organization or individual’s computer, you probably can’t wipe the machine and set up a fresh account. But you still need to safeguard your organization’s data from loss and corruption, as well as accidental disclosure once you return to a more stable environment — all while respecting the constraints imposed by the equipment’s owners.
Setting Expectations with the Lender
Make sure you and the lender understand what counts as acceptable use and who is responsible should something go wrong. If the equipment comes with preexisting conditions, you need to know about them before deciding whether it is suitable for your organization. A written agreement will help make sure you know where you stand if things don’t work out. If the equipment is particularly valuable, you may want to seek a lawyer’s advice drafting an agreement.
A separate account helps differentiate your information from that of the machine’s owner. It keeps you from deleting the owner’s data and allows you to customize your environment as needed without affecting hers. This measure will also make it much easier to remove your data from the owner’s computer and port it to a new one before returning it.
Tip All modern versions of Windows, Mac OS, and Linux allow for multiple user accounts. For Windows, look under “User Accounts” or “Users and Passwords” in the Control Panel. In Mac OS, select Accounts in the System Preferences pane.
Firewall and Virus Protection
As it is borrowed equipment, take measures to protect the equipment from viruses and other malicious activity. Ideally, the owner will have already implemented malware protection, but take extra precautions to make sure that these tools are up-to-date, especially if there’s existing data on the computer.
Removing Spyware, Viruses, and Other Forms of Malware
Back up all of your data from the borrowed equipment.
Move your backups to your new equipment.
Check to ensure that everything is working well. Ideally, arrange for an overlap period of a month when you use your new equipment, but still have access to the old if you find that something isn’t working well.
Once you’re sure everything has been successfully moved to your new equipment, delete all of your data and the accounts you were using from old machines. If possible, reformat the borrowed machines.
Tip Reformatting a borrowed computer will destroy all of the owner’s data as well as your own.
As you’re rebuilding your technology infrastructure, you may need to keep your costs down by seeking out free alternatives to commercial software.
Open-source software is governed by a more flexible license than traditional, commercial software. Users can download and install open-source software free of charge and create and distribute plugins to customize it. In some cases, open-source software is maintained by a community of volunteers; in other cases, it’s maintained by a for-profit company that relies on sources of income besides software sales.
In the past few years, several open-source tools have grown a fair amount of popularity in the NGO community. The Nonprofit Open Source Initiative’s primer for nonprofits is an excellent place to start learning what open source can do for your organization.
Choosing and Using Free and Open Source Software: A Primer for Nonprofits
Six Steps to Adopting Open-Source Software at Your Organization
http://www.techsoup.org/learningcenter/software/page5683.cfm Microsoft Office vs. OpenOffice.org
http://www.techsoup.org/learningcenter/software/page4765.cfm The Myth of Open Source?
Web applications like Google Docs and Microsoft Office Live might serve you as a replacement for traditional office software, either temporarily or permanently. For more information, see Alternatives to Regular Backups on Page 31 and Are Web-Based Collaboration Tools Secure? on Page 33.
Chapter 9: Post-Disaster Operations Analysis
This chapter is designed to help you identify, assess, and recover vital personnel, services, and equipment following a disaster. Use the checklists and charts below to ensure that the recovery process goes as smoothly as possible, and to manage your personnel and assets throughout the process. Certain charts are customizable in a separate Microsoft Excel file available in our Disaster Planning and Recovery Toolkit.
Disaster Planning and Recovery Toolkit
People and Deliverables
To recover from a disaster, it’s important to respond quickly and effectively, identifying needs, prioritizing resources, and communicating clearly. The checklist below can help you organize people and communication during a crisis so that you are able to accurately analyze the impact on of the disaster on your organization and prioritize recovery efforts.
If you have a plan, then follow it as you (hopefully) did in your practice drills. While some things won’t go as planned, most things should.
If you don’t have a plan, then you need to determine how you will proceed; decide who will do what, and when.
Once you have determined who in your organization is responsible for making which decisions, ensure that there is also a process in place to cross-check these decisions.
Tip Try to keep communication simple. In the absence of a formal risk or issues register, an old-fashioned message pad and to-do list will suffice.
Beware of heroic “Rambo” types making drastic decisions, especially if these decisions could risk lives or limbs. In addition, some people feel they must be in the thick of the action to be helpful — try to harness this energy by delegating tasks appropriate to their skills and the situation’s needs
Do not assume that first responders — public services that deal with emergencies and other aspects of public safety (such as public utility crews, community emergency response teams, firefighters, and so on) — will keep you informed, and never assume that the danger has passed. Contact them to ensure that you are receiving accurate and current updates on the status of the situation; likewise, these agencies and personnel may require information from you.
Make sure you’re relying on a dependable news source for information (in other words, don't believe everything you see on the news or read in the press, which may be sensationalized). If need be, appoint someone to handle public relations to ensure that the information you're receiving is consistent.
Contact staff via a phone tree that follows your normal chain of management, with top-level managers contacting their direct reports and so on, so that everyone is covered. To do this, you will need up-to-date, readily accessible home and cell phone numbers.
Establish a help desk or two — one for customers and one for staff — to avoid overwhelming the switchboards.
Once the above process is set in place, you can begin to evaluate and address the disaster’s likely impact on the organization.
Will you require third-party contingency suppliers (such as salvage companies or mobile computer room suppliers)? Even if you're not yet certain, it may be worth contacting them to notify them of potential need.
Set up project teams and get key decision-makers to meet regularly.
Discourage all but key staff from turning up to help; as tasks are delegated to those staff, establish a communication protocol for status updates.
Keep the situation and environment controlled and professional at all times.
Deliverables Checklist Plan of action
Staff call tree
Recovery document that identifies where important data are kept, such as:
Supplier contact list
Supplies of your new work environment
Existing floor plan. This will help out when you need to make new arrangements if you plan to need more space.
Tasks and Deliverables Tracking Chart2: Use this chart in conjunction with the Deliverables Checklist to ensure that required tasks are completed following a disaster.
Use the charts and guidelines below to identify the technology and personnel required to keep your operations going after a disaster.
Technology Priorities Assessment: Use this chart to identify the key applications required to operate your organization over the next 24 hours, the next three days, and the next week.
Technology Refresh: Key Recovery Staff: Assuming all staff are available, the table below allows you to identify the key personnel required to recover your systems and where these systems will be recovered.
Project Planning and Rollout
Plan your recovery using your Business Impact Assessment before you attempts to acquire or replace services or equipment. Consider conducting a try run rather than just jumping into recovery. A day’s worth of planning can save you time, energy, and pain.
List the transportation you will need (cars, taxis, public transit) during the recovery phase. Don’t forget to detail parking and any special requirements.
Keep track of expenses so that you can inform funders about the impact of recovery on your finances. Consider tracking all time spent on recovery with a special disaster-recovery expense code when your accounting systems are functioning again, for example.
List all accommodations you need during your recovery by both type and duration. Don’t forget to include additional items like food and other supplies.
Maps and Directions
List maps and directions that you may need during recovery. For example, you could Use an online mapping service to save maps and directions to the nearest hospital, fire station, or community center.
Use the forms below to keep track of contacts you’ll need during your recovery.
Technology Recovery Contacts
Internal Escalation Contact List
A diagrammatic communications plan will help your organization visualize the channels of communication during an emergency. While every organization's structure, personnel, and culture facilitate a different set of processes, the following is an example of a communications plan for an organization with two sites and one designated Business Recovery Manager:
Business Impact Assessment Questionnaire
Create an organization chart for your business unit, and then rate each department or division in terms of its unavailability following a disaster. Use the following scale:
The sample organization chart below represents the ratings of a community health clinic.
Business Unit Information This chart can be used to record the functions of each business unit in your organization. It can be kept in a known repository at the recovery site for reference.
Business Process: What are the business processes performed by each of your departments? Include the name and a brief description of the business process.
Analysis of Key Processes: Use the following chart to identify key processes in your organization (use a separate copy of the chart for each process).
Legal and Regulatory Requirements
Are there any legal or regulatory requirements for loss or delay of the service provided?
Would a delay or loss of service result in any penalties?
Consequences of Not Performing Functions
Under the following headings, please indicate your assessment of the business impact of not performing this function during the recovery process.
Potential Impact: Estimate the potential impact to your constituents if this function is paused.
Additional Costs: Estimate what additional costs (fines, claims, cancelled contracts, lost discounts, interest payments, etc.) the organization would incur if operations were not restored following a disaster.
Health and Safety: Use the chart below to outline how health and safety might be compromised if certain processes were not performed following a disaster. Rank them in their importance to business continuity.
Use this section to describe the workflow relationships that are relevant for your organization.
Business Interfaces: List any internal or external business interfaces (including companies, banks, and customers).
Staff Relocation Requirements: Use this chart to indicate how mane desks are required to restore continuity, and what each workstation will need.
Data and File Recovery The following charts serve as a way to organize and see what data is missing.
Report Requirements: Use this chart to keep track of all of the reports that you have and need. Note if a report is of a central or critical nature and its special requirements.
Hardware and Software Resources: Use this chart to track how many items are used, what is required during the recovery, and when it will be required.
Voice Recovery: Use this chart to identify your phone requirements following a disaster.
Internal Contingency Plans
Supplier Contact Details: Use this chart to keep track of your suppliers and any information that could be relevant to restoring continuity.
1 In research for this book, we surveyed a total of 346 NGOs and public libraries in 12 countries. The survey was open both to organizations that had had disasters damage part of their IT infrastructure and ones that hadn’t. We also had follow-up discussions with a several organizations. Some of the respondents we cite chose to remain anonymous.
2 The charts in this chapter are intended as examples. Each chart marked with the pencil icon is available for download at TechSoup’s Disaster Planning and Recovery Toolkit (http://www.techsoup.org/toolkits/disasterplan/index.cfm). Download the spreadsheet and customize each chart to meet your organization’s needs.