When an emergency occurs in a computing network, employees need clear instructions on responsibilities and processes, which corporate management must set up. In doing so, five crucial questions have to be answered.
1) What must be done?
First of all, define the required tasks and the measures to be taken in an emergency. This also includes setting the order in which the responsible persons must be notified when an emergency occurs. In general, the flow of communication in case of an emergency must be prepared and controlled. This means deciding which information is relevant to whom, and when and how it will be distributed internally and externally. Besides the efforts to restart operations as soon as possible, it is also important to gather documents and folders from workstations and servers and create a central backup. To cope with emergencies, external service providers who are able to supply replacement workstations or stand-by data centers should be involved beforehand.
2) Who can do it?
The planners must define who is capable of and designated for which roles and tasks in an emergency, taking into account that particular persons might not be available. It is therefore necessary to define functions and roles with their associated responsibilities on the basis of scenarios, without assigning them to specific persons. As an integral part of contingency planning, determine the persons who are authorized to release emergency processes. As this often cuts short the usual approval workflows, many managers need to set aside their concerns and place trust in the employees when it is up to them to decide.
3) How to do it?
Explanations and checklists help the responsible persons to accomplish their tasks in an emergency. While comprehensive manuals might be helpful for questions of detail, simple lists, diagrams, and clearly structured forms (in PDF, Excel, or Word format and as hardcopies) give a quick overview without lengthy browsing.
4) When to do it?
Set the timing for each activity and give clear instructions on the order of tasks to be adhered to. This is no easy task as the planners must consider in their workflow concept that many processes need to be executed concurrently to cope with the disaster.
5) Where to do it?
Since some tasks must necessarily be performed at a particular location, the place of action for each team should be defined and – as far as possible – prepared as well. This applies, for example, to stand-by workstations or backup data centers.
With one-time contingency planning, however, the job is not done yet. In practice, workflows and rules do not always work the way they were conceived. This means that the measures need to be checked regularly. What is more, changes in the organization, the corporate processes, and the technical infrastructure must be taken into account. Notably with respect to the IT infrastructure, it is important to always have an up-to-date overview of the hardware and software components to be able to act sensibly in emergencies and restore the network as quickly as possible.
For more on this topic: Contingency planning between expectations and reality (lecture held in German at the “IT-Grundschutz-Tag” conference 2013 in Berlin)