Emergency IT plan must be well designed
Emergency IT plan must be well designed
Build plan over time with small steps
Your information technology emergency plan needs to address the types of problems you are most likely to encounter, says Rajesh Shetye, MS, MBA, executive vice president of information services at VNA Healthcare Partners of Ohio in Cleveland.
"The scope of your plan is subjective and depends on where you are located and what types of emergencies you are likely to encounter," he says. "An agency sitting on top of the San Andreas Fault is more likely to include earthquakes as a potential emergency situation, where I am not likely to address it in my plan for a Cleveland, OH, agency."
Start your plan by assessing your risks, Shetye suggests. Also, don't begin writing a plan that is overwhelming, he says. "Start small with emergencies such as fire, loss of power, loss of a key staff person in the information technology department, loss of computer, and work up to loss of the ability to enter the system."
As you build your plan, be sure to identify every user that might be affected, he says. Also identify every asset, such as a computer, and the maximum amount of time you can be without that asset, Shetye says. "For example, you can have a computer that is not working for a month because there are other ways for a person to do their job by using another computer, but your agency may only be able to go four hours without a server," he explains. "If your agency is 100% online and using no paper, your recovery window for any outage is small."
Once you've developed your emergency plan, test it to make sure everyone knows how it will work, suggests Shetye. "Make sure you have power cords, access to backup disks, and keys to software," he says. Also, make sure the plan is not dependent on one person, Shetye says. "Several people need to know where the information is and how to implement the plan."
Outside storage for your data is one option to protect data and allow access if you can't access your server, says Shetye. If you choose to use a vendor for off-site backup of your data, which can be helpful in case of loss of power, loss of server, or loss of access to building, be sure to insist that the vendor understands HIPAA (Health Insurance Portability and Accountability Act) rules and regulations about privacy and security of health information, he points out. Your contract also should identify specific penalties and responsibilities if the vendor violates any regulations, Shetye adds.
Development of a solid information technology emergency plan doesn't happen overnight, but it is an essential part of protecting your business, he points out. "An information technology emergency doesn't affect just the information technology department," Shetye says. "It affects the entire business."
Your information technology emergency plan needs to address the types of problems you are most likely to encounterSubscribe Now for Access
You have reached your article limit for the month. We hope you found our articles both enjoyable and insightful. For information on new subscriptions, product trials, alternative billing arrangements or group and site discounts please call 800-688-2421. We look forward to having you as a long-term member of the Relias Media community.