Originally published by TechSoup at https://blog.techsoup.org on September 22, 2020.

Creating an IT Contingency Plan at Your Nonprofit

As COVID-19 continues to affect our world in unprecedented ways, many nonprofits are settling into a “new normal” that may persist for months — or even years. For some organizations, a distributed, remote workforce will remain in place even once restrictions are lifted. And in certain cases, the unexpected and rapid shift to this “new normal” may have exposed some gaps in and limitations of the general IT infrastructure at your nonprofit. And these gaps and limitations may have temporarily made it more difficult or even impossible to serve your community.

  • Who controls that access?
  • If the person in charge of critical operations falls ill, who is the backup?
  • Who else knows how to administer our Office 365 account other than the IT manager?

What We’re Doing at TechSoup

Much of TechSoup’s mission delivery relies on technology to power our marketplace, courses, and validation services. If it were to go down, that would temporarily prevent our ability to provide important information, products, and services to the thousands of nonprofits we serve each day. For that reason, we’ve developed a “Critical Technology Infrastructure Contingency Plan.”

  • One of these individuals is designated as “lead” (ideally should be in management) and is able to facilitate leadership and approval processes.
  • We try to conduct process reviews twice a year for cross-training, testing, and updating the knowledge assets relating to supporting IT critical infrastructure and responding to an IT incident.

IT Contingency Planning at Your Nonprofit

Many nonprofits share a critical supporting role to civil society at large and as such have adopted the same general practices in the event of an emergency. Prior to joining TechSoup, I helped to establish an IT contingency plan for the Silicon Valley Food Bank. At the food bank, having a plan was top of mind due to the inevitable earthquake scenario. And very importantly, we had three very large warehouses on the peninsula filled with millions of pounds of food — a critical social resource, disaster or no.

  1. In the food bank example, we drew up a plan for how the leadership structure and decision-making authority could be switched out to other trained staff in the event that the day-to-day decision-makers were not available.
  2. Audit the organizational processes and functions involved in maintaining business continuity in the event of a critical operational disruption. Next, assess what business knowledge assets and systems require access or training to administer. Determine who currently “owns” those processes, whether they are technical or administrative, and whether there are dependencies on single individuals.
  3. When we did this audit with our tech team at TechSoup, we involved team members across the organization to participate in data collection and assigned a project manager to oversee the audit to ensure consistency of effort and documentation.
  4. Once your audit is complete, develop a plan to organize the respective operating procedure instructions and documentation (SOPs). At TechSoup, we use secure Box folders. Then assign and train emergency backup personnel on their roles and responsibilities in the event of a disaster. Develop an internal communications plan so that all staff members know what happens and what to do in a disaster.

Additional Resources

60+ organizations with kindred missions working together to get critical tech know-how and resources to changemakers around the world. meet.techsoup.org