Joined on 06-09-2003
Davenport, Iowa USA
Does anyone have thoughts about disaster planning in the event of loosing functional areas that are covered by one person? As our organization has grown we are faced with how to plan for an unplanned loss of a few critical areas like a one man IT department, or a payroll department.
I'm trying to get my arms around how to plan if something happens to me, what does the org do?
Dave
Hi Dave,
Yeah I had a similar experience being the one man IT team for a small org of around 10 people. Just like data I try to keep knowledge redundant, writing things down religiously, and educating employees to know how to look for info. I also try not to be too "cute" in my setup. In my consulting work i see too many configurations where IMHO it was done to stroke their geek egos, rather than follow a KISS rule. It's also good karma I think to be prepared to prepare your client for a new consultant, not to make things too complicated. I guess it's analogous to coding and commenting well when you write a script or program.
Kevin
I think of the first rules of thumbs is get a BIG storage solution. Once you get that, then you have options (backing up to tape later, making quick backups when tape might be inconvenient, etc)
I also suggest ALWAYS doing a file online backup of an Exchange server (usually to c:\backup\ on the same drive) in addition to tape. After you fix a few crashed Exchange servers, you learn not to trust other people after you who do the tape. This also makes ensures that the log files don't get out of control.
Hi Dave,
In support of the concepts above, I also find customization without documentation to be a road to ruination during disaster – good practice and standardization are two vital keys to effective systems redundancy.
Payroll (as with IT), is subject to standards of practice. For Payroll it’s accounting practice. When Payroll is done properly any experienced Payroll officer should be able to ‘pick up the ball’ with minimal fuss if a knowledge worker is lost to the organization... Similarly, (when IT is done properly), any competent IT knowledge worker should be able to pick-up where someone else has left off. This fails when systems are not managed properly and/or custom systems are developed and deployed without adequate documentation.
IMO it’s really just a matter of making sure that knowledge workers follow the same rules of management that we expect from all sectors of business – To document, record and report.
Don
Joined on 05-10-2007
TechSoup Member
I agree with Don.
In some regards, it is about managing personnel risk - and hence comes back to an understanding of the role people have in the organisation, and how easy it would be to replace them. Not to mention the information and undocumented processes that they manage - this doesn't just have to happen in IT.
To use Don's accounting example, even though I use of the shelf, widely used accounting software for our business, many of the processes, and the manner in which information is recorded is not clearly documented. Even for someone with the appropriate skills will take some time to get up to speed with how our business accounts for its activities.
Documentation of these processes and related information is critical to being able to recover from the temporary or permanent loss of key personnel.
Cheers Gav
Joined on 09-08-2003
TechSoup Member
Documentation of these processes and related information is critical to being able to recover from the temporary or permanent loss of key personnel.
This cannot be stated enough. Also make sure to document user ids, passwords, any critical tid bits of information that they use to get the job done.
Joined on 10-25-2006
TechSoup Member
In the most generic sense of business continuity, Standard Operating Procedures helped immensely. I worked in a warehouse that had been patchwork IT before me. Not only did I disaster proof my position, but I also helped cerated SOP documents that detailed step by step functionality of a position for every new job task. In an environment with high turnover, this helped get new employees up to speed in black and white.
Documentation is key, and keeping it offsite, on paper, as well as in digital forms is important. USB keys are extremely cheap now, and you can encrypt the data on it. Related to the recovery aspect of the online event, if you really want to be safe, write out or keep only some of the credentials, and maybe the other details in another location. As an example you can keep the first half of your passphrases on a document in a offsite location, and the other half on your key. More likely than not, this is only if you yourself forget it because it is an obscure piece that youdon't often visit, but if you wrote the first part down you will remember the last unwritten part. Or, you can temporarily give the information to someone else (say, if you went to Antigua), without fully compromising the system. That second-in-command person, should s/he need to recover anything, ought to be able to piece together the info.
Joined on 06-09-2003
Davenport, Iowa USA
From the locksmith installing a new safe yesterday.
Write the combination (password list) on paper. Fold up with a dark piece of paper so you can't shine light through and read anything through the folded paper.
Place in business envelope seal and then sign across the seam of the flap and envelop with pen. If you want two person seal have each person sign a side of the flap. Then use clear tape to tape over the signatures on the envelope.
Now the sealed envelope can be placed with a person or entity of trust outside the building.
The envelope cannot be opened or steamed with out compromising the signatures. The entity of trust can have the instructions of to who and when to release the envelope.
A low tech password storage solution.
Dave
> From the locksmith installing a new safe yesterday.
Sound and sensible advice.
Don