Post Incident Management
Develop and Implement Preventive Measures
An organisation can take several measures
to prevent or minimise the effects of
Many of these measures are inexpensive
and easy to implement.
Prevention is better than cure
i.e. it is generally more expensive to fix something than to
avoid breaking it.
The following list includes some preventive
Create and frequently update network and wiring
Monitor the information systems and the server
Control the temperature in the server room
Ensure that maintenance and server contracts will
be honoured quickly in the event of a disaster
Maintain a library of hardware and software
manuals and keep them secure
Secure all cabinets and servers in the server room
(fix them to the walls and floor)
Place fire extinguishers in the server room and
ensure staff know how to use them
Protect the information systems by connecting
them to electrical surge protectors
Ensure all staff are trained in appropriate
Install fire detectors and a fire suppression system
in the server room
Consider a back up generator for essential
The use of fire retardant walls, floors,
ceilings and doors should be considered for
the server room
Regular back ups of the server system.
Ideally store these back ups off site.
Maintain a store of essential supplies to
keep the systems running
Produce a call out list of qualified individuals
and post it in the server room in case of
Select and train appropriate employees to
perform the following roles:
Responsible for risk assessments of the building
First Aid Officer
Responsible for minor injuries and accidents in
the work place. Liaise with emergency services
in the event of a medical emergency or disaster
Depending on the size of your organisation
and facilities will dictate how many
employees you will wish to train
Install a security system which requires
some form of identification and/or swipe
card to be used by employees
All visitors must report to a reception are
and be signed in and out. Preferably
escorted around your building by an
Consider 24 hour security, either on site or
reactive to any alarms.
The installation of cameras are appropriate
if someone is watching them 24/7,
otherwise any crime or disaster will be
taped but may not be avoided.
Insurance companies may require a high
level of security in order for your
organisation to qualify for coverage.
No plan is of any use to an organisation if
regular drills and exercises are not
Typical recovery strategies for IT systems
Hot Site – a ‘hot site’ is a fully configured
system that consists of all your hardware and
software which is ready to take over when your
main frame fails.
Warm Site – a ‘warm site’ is similar to the hot
site but without the hardware. All off your
software is available but will need to be loaded
onto incoming hardware systems. This will take
some time and will be a slow turn over.
Cold Site – a ‘cold site’ is merely a suitably
identified room that can be used, in the
event of a disaster, to reinstall new
hardware and software in order to get your
system back to normal. This is expensive
and time consuming.
Alternate systems and networks – this
refers to systems and networks not used as
the main frame but can be adapted for such
use if required.
Reciprocal Agreements – this is an agreement
between different companies. In the event of a
disaster they can use each others systems. This
requires compatible hardware and software.
Advantages are low or no cost implications
Disadvantages are the compatibility of hard and
Two Data center – where a company is large
enough to have several main frame systems in
different facilities, even countries. They can
transfer the running of their data whilst recovery
Vendor Contract – the vendor is contracted
to supply equipment and/or services in the
event of a disaster. The vendor may have
many companies to cater for in the event of
such a disaster, you may not be their first
priority and supplies may run out.
Any combination of the previous options.
Chain of Command and management must
also be considered. In the unlikely event
that senior managers are indisposed who
will take over the decision making role?
Do they have access to any swipe cards,
keys, pass codes and sensitive information?
During an emergency situation, there is no
time to figure out who are the right people
Produce and display a list of emergency
personnel that should be contacted.
On the list should be essential personnel
and a brief description of their roles.
This list should be frequently updated and
copies held by all relevant departments and
Contact List – example layout
Each team leader and essential person
should be responsible for maintaining this
contact list so that it is up to date
Appropriate training should be identified for
each role and individuals kept up to date
with current thinking
Senior management to authorise the regular
use of drills and exercises to highlight
individuals roles and responsibilities as well
as test the Plan
Produce a List of Essential Items
Keep a list of essential inventory items and
their locations if already available.
Within the list include vendors and or
companies who will provide the equipment /
Consider the following
Off-site storage location
Software and data back up
Temporary location details
Each team leader should have access to the following:
Cell Phone Whiteboards
Computer (with Flashlights
internet connection) First Aid Kit
TV Utility Knife
AM/FM radio Glow Sticks
(wind up if possible) Two-way radio
Paper and Pencil
Sample Emergency List
Click button to go to sample emergency plan provided by