When creating an IT emergency manual, you should proceed in the same way as you did for your IT manual. In the Concepts module of Docusnap, select the “Emergency Manual“ template and create a new document. This provides you with an initial basic structure for your project. Now, it’s up to you to give life to the document.
Contents based on existing emergency management
Has your company already set up emergency management? If so, you will have to coordinate your actions with the responsible emergency management officer, as the IT emergency manual to be created must integrate with the overall concept. Moreover, a dedicated IT emergency manual must be mentioned in the general corporate emergency manual. If such a manual does not exist yet in your company, you will have to add some contents, which otherwise would have been dealt with by the emergency management officer, to your IT emergency manual. Read more on this topic in the two-part “Contents of an Emergency Manual” blog post. The contingency plans discussed there will then be incorporated in part B of the emergency manual, provided that you adhere to the structure described in the complementary blog post.
Independently of a general emergency manual, the IT emergency manual should include the following contents:
– How is the topic embedded in the functional division and what is its relevance to the entire company?
– Interaction with risk management and contingency management
– Terminology: how is an emergency situation defined?
– Staff list with phone numbers, e-mail addresses, etc.
– Alarm plans and reporting channels
– Purchasing processes in an emergency situation
– Measures to be taken after the emergency situation has ended, documentation of the incident
– Contingency planning measures, contingency plan
– Recovery plans for the computing system
Recovery plans provide for all contingencies
You will spend a major part of your effort on creating the individual recovery plans. This requires you to comprehensively analyse all IT procedures, the hardware in use, all software applications as well as all transaction and system data. Recovery plans are like step-by-step instructions for re-enabling the server room or the data centre. For details on how to create such plans, read our “Creating Recovery Plans” blog post.
It goes without saying that nobody ever wants to experience a situation in which this document needs to be consulted. This, in turn, does not enhance the motivation to work on documents such as an emergency manual or recovery plans. It is nevertheless a necessary task that is worth the effort because the very fact that somebody actually delves into this topic is a benefit for the IT department and the entire company. Performing profound analyses and going through what-if scenarios alone might help to identify weak points. Such deficiencies should be remedied as soon as possible. This will considerably reduce the probability that a failure occurs – exactly what you want to achieve.
Thus, an emergency situation is likely not to occur at all. Since there is no perfect safeguard against emergency situations, a residual risk will always remain. The only way to further minimise this risk is to conclude suitable insurance contracts. But if you anticipate emergencies by initiating all possible measures and proactively address this topic, you are on the right track. For the rest, be patient, as things will develop. No need trying to create a perfect IT emergency manual right from the start.
I am convinced that, here too, the Pareto principle applies: 20% effort = 80% result.