Checklists

Return to:

Checklists

How to prevent IT disasters

Checklist

  1. Consider how serious a system failure, misuse or data loss could be; use this to decide how much to invest in disaster prevention.
  2. Purchase proven equipment and software; try to avoid bespoke systems.
  3. Arrange any external support you may need: for example, installation, maintenance, training, troubleshooting and disaster recovery.
  4. Physically protect your equipment; use surge protectors or uninterruptible power supplies and ensure that your premises are secure and not at risk of damp or flooding.
  5. Establish security procedures (eg password control) and use anti-virus software and an Internet firewall.
  6. Assign responsibility for the system to one individual; provide appropriate training and clear guidance on when to call on external experts.
  7. Train employees how to use your IT system and specify what tasks must be referred to others; establish a procedure for reporting faults or problems.
  8. Establish and implement an email and Internet policy to regulate employees' use of the Internet and to minimise the risks of a virus entering your system.
  9. Restrict software installation and configuration to authorised, trained personnel; ban employees from installing unnecessary software.
  10. Establish a safe installation and upgrade procedure, including backing up data, updating your anti-virus protection and running parallel systems while testing if necessary.
  11. Carry out regular routine maintenance, for example, cleaning equipment, running system utilities, archiving old files and testing system performance.
  12. Establish an effective daily back-up procedure, and store back-ups securely off-site; regularly test to ensure that you can restore data from your back-ups.
  13. Keep clear records of system configuration, software versions and upgrades or patches; securely store copies of software and updates.
  14. Prepare contingency plans in case of disaster, including manual systems for maintaining key operations; consider insuring your system and data.

Cardinal rules

Do:

  • protect your system physically and with appropriate software and procedures
  • train employees
  • identify and arrange any external support you need
  • back up your data
  • make contingency plans

Don't:

  • allow untrained employees to install software
  • ignore the need for routine maintenance
  • assume that procedures will always be followed