Creating an IT Contingency Plan at Your Nonprofit

  • Who has access to which files and databases?
  • Who controls that access?
  • If the person in charge of critical operations falls ill, who is the backup?
  • Who else knows how to administer our Office 365 account other than the IT manager?

What We’re Doing at TechSoup

Much of TechSoup’s mission delivery relies on technology to power our marketplace, courses, and validation services. If it were to go down, that would temporarily prevent our ability to provide important information, products, and services to the thousands of nonprofits we serve each day. For that reason, we’ve developed a “Critical Technology Infrastructure Contingency Plan.”

  • At least three people in the enterprise infrastructure know how to access key documentation and systems and can step in to support our critical infrastructure should the key SME (subject matter expert) be unable to fulfill the duties of their job. We have ensured that these three backups have their own access credentials and understand the operations related to each of the systems. Examples are system backup and recovery processes, email administration and support, and network infrastructure.
  • One of these individuals is designated as “lead” (ideally should be in management) and is able to facilitate leadership and approval processes.
  • We try to conduct process reviews twice a year for cross-training, testing, and updating the knowledge assets relating to supporting IT critical infrastructure and responding to an IT incident.

IT Contingency Planning at Your Nonprofit

Many nonprofits share a critical supporting role to civil society at large and as such have adopted the same general practices in the event of an emergency. Prior to joining TechSoup, I helped to establish an IT contingency plan for the Silicon Valley Food Bank. At the food bank, having a plan was top of mind due to the inevitable earthquake scenario. And very importantly, we had three very large warehouses on the peninsula filled with millions of pounds of food — a critical social resource, disaster or no.

  1. Begin with an assessment of the essential criticality of your mission as it relates to supporting critical civic infrastructure. Weigh that against the practicality and scope of developing and maintaining a contingency plan.
  2. In the food bank example, we drew up a plan for how the leadership structure and decision-making authority could be switched out to other trained staff in the event that the day-to-day decision-makers were not available.
  3. Audit the organizational processes and functions involved in maintaining business continuity in the event of a critical operational disruption. Next, assess what business knowledge assets and systems require access or training to administer. Determine who currently “owns” those processes, whether they are technical or administrative, and whether there are dependencies on single individuals.
  4. When we did this audit with our tech team at TechSoup, we involved team members across the organization to participate in data collection and assigned a project manager to oversee the audit to ensure consistency of effort and documentation.
  5. Once your audit is complete, develop a plan to organize the respective operating procedure instructions and documentation (SOPs). At TechSoup we use secure Box folders. Then assign and train emergency backup personnel on their roles and responsibilities in the event of a disaster. Develop an internal communications plan so that all staff members know what happens and what to do in a disaster.

Additional Resources



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
The TechSoup Global Network

The TechSoup Global Network


60+ organizations with kindred missions working together to get critical tech know-how and resources to changemakers around the world.