10 steps CIOs can follow to better prepare and manage a crisis:

  1. Be prepared. Take time to sit down and consider the possibilities of what could happen, envision the worst-case scenario, and plan accordingly. By designing a plan that is meant to react to the worst-case scenario, you will ensure that measures are incorporated which can be applied to lesser emergencies."
  2. Document your plan. Put the plan down on paper and share it with all employees. Your employees must know the procedures in place to carry out the plan. Documentation and education are critical to ensuring that people are ready to act when the unthinkable happens.
  3. Designate and define roles and responsibilities. Designate emergency managers within the IT shop to handle procedures in case of a disaster. Define their roles and make sure everyone knows their responsibilities in case of an emergency.
  4. People come first. In the event of a disaster, plan for the safety and well-being of IT staff and customers first. In some cases, this may mean calling security or reaching out to get food, water, and medical help.
  5. Back up the data. Part of the day-to-day activity within IT should include backing up data and documents. At minimum, we recommend keeping one copy of your backup in a fireproof box on-site and keeping another copy in a fireproof box off-site.
  6. Select alternate IT locations. Identify, in advance, where IT would relocate in a disaster scenario. Select primary, secondary, and third-choice options, any of which could mean relocating to a different building, another city, or another state.
  7. Establish a communication plan. How would IT function if it lost phone lines, high-speed connections, and/or third-party connectivity? Be sure to review plans and backup with all service providers.
  8. Document a restoration plan. List all critical names and contact information, including phone and cell numbers, pagers, and e-mail for the following:
    —Company emergency team
    —Critical IT personnel
    —Service and emergency management
    —Local contractors
    —Critical customers
  9. Educate employees. Be sure everyone in the IT department knows emergency evacuation exits and processes in place for shutting down systems in an emergency situation.
  10. Review. Review the disaster recovery plan once every quarter and update all names and numbers. This is an important step to ensure your readiness to act in the face of disaster.