Prowi's IT Contingency Plan

Step 1 — Conduct a business impact assessment

  • Critical data and systems for our business include financial transaction data, customer database and production management system.
  • Our emergency operations plan involves the use of an external data backup service and temporary access to cloud-based applications.
  • The business may experience significant downtime after 24 hours without IT support.

Step 2 — Define responsibility and ownership in the organization

  • Decisions in a crisis situation are made by the crisis management team, consisting of the CTO, CEO and department heads.
  • The CEO leads the organization in emergencies.
  • The preparedness effort is led by the CTO.
  • Emergency procedures are designed by the crisis management team.
  • Communication is coordinated by the Communications Department with relevant staff and stakeholders.

Step 3 — Determine which service/operations providers support the critical business processes

  • Relevant vendors include our cloud hosting providers, network provider and IT security services.
  • We have assessed the contracts and they cover our needs according to the impact assessment.

Step 4 — Clarify and document how internal IT systems are reestablished

  • Dependencies between the systems have been documented and we have prioritized them based on criticality.
  • The technical procedures for recovery are described, including data recovery and system configuration.
  • The contingency plan is tested annually through simulations and disaster drills.

Step 5 — Document the contingency plan

  • The first part of the plan describes the affected systems, a crisis definition, roles and responsibilities of key personnel, and escalation procedures to other relevant plans.
  • The second part provides details on activation, role instructions for emergency management, internal and external communications, prioritization of efforts, and recovery procedures.

Step 6 — Maintain the contingency plan

  • The contingency plan is distributed to all key personnel, and it is stored electronically and in printed form.
  • The impact assessment is repeated annually to ensure that the plan remains up to date.
  • Regular training and testing of the contingency plan is carried out, including the involvement of employees in exercises.
  • The plan is continually updated to reflect organizational changes and learning from the exercises.