Written IT Contingency Plan

Because no computer system can be expected to operate perfectly at all times, unplanned service disruptions are inevitable. A disruptive event could include a power outage, software failure caused by a virus or malicious software, equipment destruction, inadvertent employee action or a natural disaster, such as a flood or fire. The plans, policies, procedures and technical measures that help enable the recovery of operations after an unexpected IT disruption are collectively referred to as IT contingency planning.

An unplanned IT disruption involving the corruption or loss of data or other computer resources from ransomware, hardware failure or human error, for example, could significantly curtail a local government’s or school’s operations. Proactively anticipating and planning for such disruptions will help prepare local government and school personnel for the actions they must take in the event of a disruption and could significantly reduce the resulting impact.

The goal of IT contingency planning is to help enable an IT system and/or electronic data to be recovered as quickly and effectively as possible following an unplanned disruption. The content, length and resources necessary to prepare an IT contingency plan will vary depending on the size and sophistication of your local government’s or school’s operations.

Some best practices relating to IT contingency planning include:

• Assembling a team responsible for drafting the plan,
• Identifying and prioritizing critical business processes and services,
• Developing and distributing the plan to all responsible parties,
• Training personnel expected to execute the plan,
• Testing the plan as appropriate, and
• Reviewing and revising the plan as necessary to ensure it still meets local government or school needs.

Backup Procedures

A backup is a copy of data files and software programs made to replace original versions if there is loss or damage to the original. Establishing backup procedures is a necessary part of IT contingency planning and often critical for restoring operations quickly and effectively following an IT disruption.

Some best practices relating to backup procedures include:

• Adopting a backup policy that defines the responsibility, frequency, scope, storage location(s) and specific method(s) for backups;
• Backing up data at intervals appropriate for the local government’s or school’s data needs and usage;
• Verifying data has been backed up and can be restored whenever needed; and
• Storing backups in an offline and offsite location that meets the local government’s or school’s data security requirements.

A further discussion of IT contingency planning and backup procedures can be found in the Office of the State Comptroller’s publication entitled Local Government Management Guide: Information Technology Contingency Planning.¹⁹

¹⁹  https://www.osc.ny.gov/localgov/pubs/lgmg/itcontingencyplanning.pdf

The Information Technology Governance LGMG can be downloaded at https://www.osc.ny.gov/files/local-government/publications/pdf/information-technology-governance.pdf