This document summarizes a presentation about disaster planning for technology in organizations. It discusses key components of an effective plan such as regular backups, security measures, and documentation. The presentation emphasizes having a "disaster mindset" and that failing to plan is planning to fail. It provides tips for different aspects of a plan such as backing up data, using encryption, and communications after a disaster occurs. Attendees are prompted to evaluate their own organization's plan and discuss how to improve preparation.
5. Key Takeaway
1. Before you have a disaster plan, you need a
disaster mindset
Image: http://www.flickr.com/photos/vistavision/
DISASTER PLANNING #12ntcdp Slide 5
6. Key Takeaway
1. Your plan may end up only 75% successful,
but having no plan means 100% failure
Image: http://www.flickr.com/photos/copenhagen_toejeri/
DISASTER PLANNING #12ntcdp Slide 6
7. Key Takeaway
1. It’s cheaper to backup your data 100 times
than it is to lose it once
Data source: “Cost of Hard Drive Space” http://ns1758.ca/winch/winchest.html
DISASTER PLANNING #12ntcdp Slide 7
8. “What have you got to lose?”
flickr.com/jase_n_tonic
(Creative Commons license)
DISASTER PLANNING #12ntcdp Slide 8
9. It’s all about the data
• Your backup plan needs to cover:
– What's being backed up
– Where it's being backed up
– How often backups will occur
– Who's in charge of performing backups
– Who's in charge of monitoring the success of these
backups
• Make sure it’s easy to reference and access
DISASTER PLANNING #12ntcdp Slide 9
10. It’s all about the data
• Imagine a typical work-day by your key
staff
– Obvious: email, donor data, financials
– Not-so-obvious: bookmarks, network data,
website passwords
• Increasingly dispersed workforce means
there’s more to lose
DISASTER PLANNING #12ntcdp Slide 10
11. Bring Your Own Device
• “Consumerization” not a new
phenomenon in the nonprofit sector
• Pros and Cons to disaster planning
– Extra access point for data and connectivity
– Personal and work data gets commingled
• Liability and insurance
• Best practice: keep less data locally
DISASTER PLANNING #12ntcdp Slide 11
12. Backup and the cloud
• Online backup ≠ Online storage
– Backup: focus on automation, scheduling,
recovery
– Storage: focus on sharing between users and
clients, syncing
DISASTER PLANNING #12ntcdp Slide 12
13. Backup and the cloud
DISASTER PLANNING #12ntcdp Slide 13
14. What about security?
• Cloud/online mitigates a different type
of disaster risk
• Likely more secure than local, but the
potential is always there
• Understand the risk and compliance
needs before diving in
DISASTER PLANNING #12ntcdp Slide 14
15. What about security?
• Local backup: Encrypt as much as you can
• Levels of encryption
• Program level
file encryption
DISASTER PLANNING #12ntcdp Slide 15
16. What about security?
• Operating system drive encryption
• BitLocker, TrueCrypt
• Full-disk encryption
• Most relevant for data loss protection
• Should not be at the cost of
recoverability
• Don’t forget physical security!
DISASTER PLANNING #12ntcdp Slide 16
17. Documentation
• Hard copies of the “What”
– Warranties and receipts for computers and peripherals
– Passwords for encrypted data
– Contact information for anyone who maintains your tech
– Login information for local devices and online services
– Contact information for web hosting and backup services
– Software registration information, including keys
– Insurance information
– Leases
• Remember to update this info!
DISASTER PLANNING #12ntcdp Slide 17
18. Documentation
• Policies and the “How”
– Your backup plan
– Your restore plan
– A phone tree that includes home and cell phone
numbers for all staff
– Meeting locations in the event of a disaster
DISASTER PLANNING #12ntcdp Slide 18
19. The day has come..
Image: http://www.flickr.com/photos/schohariefd/
DISASTER PLANNING #12ntcdp Slide 19
20. Post-disaster communications
• For internal stakeholders:
– Limit the points of contact
– Communicate succinct and relevant information
– Phased recovery if necessary
– Scheduled updates
– (Re)Defining normalcy
DISASTER PLANNING #12ntcdp Slide 20
21. Post-disaster communications
• For external stakeholders
– Constituents: how will interruption of services
affect them?
– If site outage, maintain your presence using social
media
– Funders: will there be missed deadlines?
– Supporters: how can they help?
DISASTER PLANNING #12ntcdp Slide 21
22. Disaster toolbox
• “Real” and “digital”
• Documentation
• Data backups
• Startup disc
• Duplicate keys (physical and digital)
DISASTER PLANNING #12ntcdp Slide 22
23. Planning exercise
• What have you done already? What
needs work?
• Disasters encountered? Stories from the
field?
• What’s the first thing you will do when
you return?
DISASTER PLANNING #12ntcdp Slide 23
25. Evaluate This Session!
Each entry is a chance to win an NTEN engraved iPad!
or Online at www.nten.org/ntc/eval
Hinweis der Redaktion
A plan is static, and the mindset is dynamic Needs to be adaptive with your staff, operations, technology What is your greatest fear? What are you protecting against
No bases will be completely covered, but any plan will help with recovery.
Cost is no longer an inhibitor Eg. Tape drives.
Not the equipment that you have spent you money on It’s the unfinished report, video editing, financial projections
Make it part of your new hire training
Phone can be
Cloud would be a good remedy for this
Compliance Npvault Npcloud.org
Compliance Npvault Npcloud.org
Compliance Npvault Npcloud.org
If it’s paper only needs to be scanned Needs to be updated – Make it a recurring event on your calendar Information needs to be pertinent to your org. eg. CCHS
The phone tree should follow your normal chain of management, with each manager contacting her direct reports in case of an emergency.
If it’s paper only needs to be scanned Information needs to be pertinent to your org. eg. CCHS
If it’s paper only needs to be scanned Information needs to be pertinent to your org. eg. CCHS
If it’s paper only needs to be scanned Information needs to be pertinent to your org. eg. CCHS