Integrating IT Support with Disaster Recovery Protocols
Company: [COMPANY_NAME]
Plan Last Updated: [DATE]
Plan Owner: [IT_MANAGER_NAME]
Document Version: [VERSION]
| Name | Role | Contact | Responsibilities |
|---|---|---|---|
| [IT_SUPPORT_NAME] | IT Support | [IT_PHONE], [IT_EMAIL] | IT Assistance & Support |
| [OFFICE_MANAGER_NAME] | Security/Network Lead | [MANAGER_PHONE], [MANAGER_EMAIL] | Security, computer, and network incidents |
| [ISP_NAME] | Internet Service | [ISP_PHONE] | Internet/connectivity issues |
| [BACKUP_SERVICE] | Cloud Backup | [BACKUP_CONTACT] | Data restoration and recovery |
- Level 1: Staff Member → Store Manager
- Level 2: Store Manager → [OFFICE_MANAGER_NAME]
- Level 3: [OFFICE_MANAGER_NAME] → IT Support
- Level 4: IT Support → Service Providers (as needed)
- Cybersecurity incidents: Suspected ransomware, malware, or data breach
- Complete infrastructure failure: All systems down, no network access
- Physical damage: Fire, flood, theft of equipment
- Data corruption: Critical business data appears lost or corrupted
- Security compromise: Unauthorized access detected or suspected
- Complete system outage affecting all operations
- Payment processing completely down during business hours
- Server or backup system failure with potential data loss
- Network security alerts or unusual activity
- Equipment showing signs of imminent failure (smoke, unusual sounds, overheating)
- Single critical system down (POS, internet, phone system)
- Partial payment processing failure
- Workstation crashes affecting multiple users
- Backup system failures or alerts
- Internet connectivity issues during business hours
- Single workstation problems
- Printer issues
- Slow performance (not affecting business operations)
- Minor software glitches
- Equipment requests or installations
STOP - Do not attempt troubleshooting. Follow these steps immediately:
- SECURE THE SCENE
  - If physical danger: Evacuate and call 911
  - If cybersecurity incident: Disconnect affected systems from network IMMEDIATELY
  - If data breach suspected: Stop all data access and preserve evidence
- IMMEDIATE NOTIFICATION (within 5 minutes)
  - Call [OFFICE_MANAGER_NAME]: [MANAGER_PHONE]
  - If unavailable, call IT Support: [IT_PHONE]
  - Document time of incident and initial observations
- CONTAIN THE INCIDENT
  - Do NOT restart systems showing security alerts
  - Do NOT delete anything, even if it looks suspicious
  - Take photos of error messages or unusual activity
  - Write down exactly what was happening when the incident occurred
For non-disaster issues, complete ALL applicable steps before escalating:
- Verify all power cables are securely connected
- Check that power strips/surge protectors are ON and functioning
- Ensure network cables are firmly connected (look for blinking lights)
- Confirm wireless devices show connection to network
- Computer Issues: Completely shut down and restart the affected computer(s)
- Network Issues: Unplug router/modem for 30 seconds, then plug back in
- Printer Issues: Power cycle the printer (off for 10 seconds, then on)
- POS System: Follow [COMPANY_SPECIFIC_POS_RESTART_PROCEDURE]
- Test the issue on a different computer/device if available
- Check if other similar equipment is working normally
- Verify whether the issue affects multiple users or just one person
- Confirm the problem is reproducible (happens consistently)
- Ensure software is fully closed and reopened
- Check for obvious error messages and note exact wording
- Verify correct login credentials are being used
- Confirm date/time settings are correct on affected devices
If data appears missing or corrupted:
- Check Recycle Bin/Trash first
- Verify you're looking in the correct file location
- Ask other users if they moved or renamed files
- Note the last time the data was known to be accessible
- DO NOT attempt to restore backups without IT approval
Use the Incident Report Template for all escalations
Our Backup System:
- [BACKUP_FREQUENCY] backups of all workstations and server
- Local backups stored on [LOCAL_BACKUP_LOCATION]
- Cloud backups provide offsite protection with [CLOUD_PROVIDER]
- Backups retained: Workstations ([WORKSTATION_RETENTION]), Server ([SERVER_RETENTION]), Cloud ([CLOUD_RETENTION])

- [CRITICAL_SYSTEM_1]
- [CRITICAL_SYSTEM_2]
- [CRITICAL_SYSTEM_3]
- [BACKUP_STORAGE_LOCATION]
- DO NOT PANIC - Most data can be recovered
- STOP WORKING on the affected computer
- DO NOT try to restore anything yourself
- DOCUMENT what data is missing and when it was last seen
- REPORT IMMEDIATELY using emergency procedures
- Do not attempt to restore backups without IT authorization
- Do not continue working on a system with suspected data loss
- Do not install recovery software or tools
- Do not restart repeatedly if system shows data corruption warnings
- Get approval from [APPROVAL_AUTHORITY] or designated IT contact
- Verify identity - require company ID and verify with their dispatch
- Document everything - have technician sign in with visitor log
- Supervise access - do not leave technician unattended with systems
- Technician requests immediate payment for "emergency" repairs
- Cannot provide detailed explanation of findings
- Suggests expensive solutions for simple problems
- Attempts to access systems not related to reported issue
- Requests admin passwords or attempts to disable security features
Immediate Actions (within 5 minutes):
- Call [EMERGENCY_CONTACT]: [EMERGENCY_PHONE]
- If no answer, call IT Support: [IT_PHONE]
- Send text message: "EMERGENCY at [LOCATION] - [brief description]"
- Complete emergency issue report
- Email [EMERGENCY_EMAIL] with subject: "EMERGENCY - [brief description]"
- Call if no email response within 30 minutes
- Complete full issue report template
- Email [URGENT_EMAIL] with subject: "URGENT - [brief description]"
- Follow up if no response within 4 hours
- Complete issue report
- Submit through [ROUTINE_CHANNEL]
- Review these procedures quarterly
- Successfully demonstrate basic troubleshooting steps
- Know emergency contact procedures and escalation protocols
- Complete cybersecurity awareness training annually
- Use the Training Checklist for competency verification
- Ensure staff understand procedures
- Review escalated issues
- Verify first-level troubleshooting was completed
- Monitor backup completion notifications
- Review issue reports for patterns
- Identify training needs
- Check system monitoring alerts
- Analyze escalation trends
- Update procedures based on recurring issues
- Schedule refresher training
- Review emergency contact information
- Conduct disaster recovery plan testing
- Assess staff competency
- Evaluate vendor performance
- Third-party service outages (Microsoft 365, cloud services, etc.)
- Legal compliance issues beyond basic IT security
- Physical infrastructure failures (HVAC, electrical, building damage)
- Financial losses or insurance claims from incidents
- Advanced forensic investigation for legal proceedings
By implementing this plan, management acknowledges that IT Support providers offer guidance and consultation, but final responsibility for plan execution rests with company management and staff.
Remember: Most technical issues have simple solutions, but serious incidents require immediate professional response. Following these procedures will resolve many problems quickly, ensure proper documentation when expert help is needed, and protect your business from preventable disasters.