 The conference is being recorded. There we go. We're being recorded. So I'd like to welcome you all today to join us. Like I said, my name is Becky Regan and I'm from TechSoup. I'm a staff writer here and a blogger. Joining us today on the call we have Chris Shipley. Chris is the principal in a small consulting company, not Meg Consulting, and has many NPO clients that he assists with technology assessment, planning, and implementation. He also is a forum host, so he is regularly wandering around in our forums answering helpful questions for our NPO and library users. So you can find him there probably today after this webinar if you have lingering questions. We also have Elliot Harmon who is with us. He is also a staff writer here at TechSoup Global, and he literally just wrote the book and finished editing the book that we've just produced, The Resilient Organization, a guide for disaster planning and recovery. And he will be talking today quite a bit about what parts of that book we can offer to nonprofits and libraries to help them get their disaster plans underway and going successfully. We have Michelle Baldwin as well. She's not yet joined our call, so hopefully she'll be on soon. But she is the Executive Director of Volunteers and Service to Others. And she was going to share with us a little bit about her experience having gone through a flood at her organization and having lost a lot of tech equipment in that process and how they've developed a better plan since then. So moving on, here's what we're hoping to cover today with our agenda. Why plan for the worst, how to create your own plan, give some examples, share some resources, and take some time for Q&A, and hopefully get a lot of your questions answered. So the big question I guess to start with is why do organizations need a plan? Lots of things don't happen all that frequently. We hear about tornadoes, and we hear about big disasters, but why do we need a plan, Elliott? Thanks Becky. And this is really the philosophy that sort of informs the way that we put the book together as well. I'd really like to frame this discussion in terms of thinking of disaster planning, not only as being ready for the next hurricane or tornado or earthquake, but it's really just about running your organization's tech infrastructure in a way that is malleable, that's flexible, that can adapt not only to disasters and emergencies and accidents, but new opportunities as well. The organization that's ready for a disaster is also ready for a new opportunity to deepen its impact in a certain sector when the opportunity arises to do so. That's really great. And I think we can all agree that being better prepared for a big disaster like this lovely flooded office building, I think that's all of our worst fears. I think that we can all recognize that that definitely would set us back as organizations in our ability to get work done. But I think we also tend to overlook sometimes the little disasters that can steal your data. Do you have a computer that just has a lot of critical stuff on it that hasn't been backed up? All of a sudden it breaks or shuts down or gets run over by a car, then suddenly you've lost some of your important data. And not just the hours wasted in trying to recover that, but also the expense and loss of work hours that you put into creating all of that content and data in the beginning. So like the Boy Scouts always say, it pays to be prepared. It can help mitigate the disaster and also make it easier to recover and just keep your organization running better and consistently without any delay whether you have a disaster or not. So now we're going to kind of get into a little bit of how to create your own plan. And this is the real meat of our session today. So we know why we need to plan. Where do you start when you're going to create your own plan? Elliott, I know you just put this huge book together. It's 77 pages. So can you give us an overview of what these things mean and what the key components are that we need to be planning for? Sure, that sounds good. Okay, well, there it is. This is the first time I've presented in one of these. So I'm still getting used to some of the quirks of this. So quickly an overview of the things that I'm going to talk about over the next 10, 15 minutes. First is communications, both internal and external. Next we're going to talk about documentation which is really key to disaster planning in a way it's just as important as backup if not more so. Next we're going to talk about backup and various approaches to backup. And then finally we're going to talk about human-made disasters. This includes everything from some kind of security breach by hackers or something like that to even the little accidental things that happen from day to day. There are ways to minimize the impacts of this. So first going to communications. The big question here is how does your organization communicate and what contingency plans are available for a change in available services? And that's really what we're talking about here is change in available services which can refer to a lot of different things that can refer to a need to vacate your office, a loss or internet availability, drop in mobile services, landlines become unavailable. Another thing that I would add to that is when a disaster suddenly requires a great deal of work out in the field that was not previously a part of your day-to-day operations, how does your communication structure handle those things? And sort of the visual metaphor that I came up with for thinking about how you can optimize your communications was a starfish. That if you have a communications infrastructure that is like a starfish that has multiple routes of communication that are available and interconnected so that if you lose internet connection, you lose mobile phone connection. You still have other ways of communicate and because they're all interconnected they can kind of take the place of whatever was lost. That's why I put the picture of the starfish there. My computer just turned off. That's a little snaggy, I guess. I'm going to have Elliott sketch over here by me because we're in the same office and hopefully won't delay us too much here. Okay, sorry about that everybody. Unified communications. And we talk about this quite a bit more in the guide. There's also an article on TechSoup that I would recommend you take a look at called Unified Communications Options for your Nonprofit. You can find that from the Toolkit page as well. But anyway, Unified Communications refers to a broad range of technologies and business practices that allow for continuity among multiple forms of communication. That includes hosted voice over IP services. That also includes your local voice over IP implementation that you can build your own voice over IP structure locally. That includes online telephony services like Google Voice, Wing Central services like that. I would put Skype in that list as well. The central point here is the work continues even if phone service is interrupted or staff needs to vacate the office. I'll give you an example of this. I talked with one person who runs a nonprofit that has, if I remember correctly, 6 employees. They use the hosted voice over IP provided by 8x8. So they have these 6 internet connected phones. The ED who I talked with spends more than half of his time out in the office, out in the field, and often outside of the country. He takes this phone with him wherever he goes and plugs it in anywhere that he has internet connection. And therefore even if he's in Russia, he still has access to the same communications that he would have if he were sitting there in the office. There's also a lot of those voice over IP services also allow you to call in from your mobile phone which is especially useful if you're doing a lot of international work. You certainly don't want to rack up those international charges on your mobile phone. Oh yes, alerting stakeholders. How will you keep donors, volunteers, beneficiaries, and friends of your organization informed during an emergency? And there's a lot of things that you want to keep these folks informed about during an emergency. And this includes sudden changes to your organization's services, either services that you're needing to cut down because of the rebuilding process, or more optimistically services that you're ramping up specifically because of the disaster. You need to keep the beneficiaries of your organization aware of how those changes to services are happening. This also includes the status of your recovery and rebuilding, and time sensitive requests for donations, work-nated items, everything like that. You can do this, include a lot of things that hopefully you've thought about already. It includes your email newsletter. It includes coordinating efforts with other organizations in your area. This is actually something that Michelle talked with us quite a bit, and hopefully if she gets on she'll be able to speak to this herself, is that as they were dealing with the hurricane they were able to cooperate with other organizations to get a unified message out in terms of what relief services were available and well. For obvious reasons it's much better to develop those connections and start that cooperation before a disaster happens and not after. And then another side of this that we only have time to really talk about briefly, but that's your social media strategy. That includes things like Facebook and Twitter. It includes the way that you're communicating online. I think that often in the nonprofit world we just talk about social media as a marketing thing. The fact that it is, it's just as much if not more so a communication thing. Could you actually go to that next slide, Bucky? Thank you. This is something you can check out. I just uploaded this to my own personal website for people to take a look at if they like. This is just a very simple example of how you could put Twitter updates front and center on a website in case of an emergency or something like that. Obviously this is just a very simple mock-up, but at the top there where it says, thank you for visiting TechSoup Global, that could be where essential information is called if the phone number that people need to call has changed, anything like that. And below that you have these updates that are coming from the MicroBlogging Service Twitter. Now suddenly you have the ability to keep everybody who looks at your organization's website informed of where you are in the rebuilding process and what you need at that point in the rebuilding process, even if you yourself don't have access to the Internet. That's a great idea. Thank you. Like I said, you can check that out. I just uploaded that to my own personal website and you can download that and look at what I did. It's very simple. So everybody knows who is asking in chat, all of these slides and resources, all of these links that we are discussing will be shared after the presentation is over in a follow-up email and it will also live on our site. I just want to mention that one more time. So go ahead Elliott, take us into documentation. What do we need to do here? Sorry about that. During an emergency you will be glad you documented your systems and procedures clearly thoroughly and excessively. When we were planning this webinar a couple of days ago, Michelle said, this is the information that you need to have in the binder so that if you get in an accident your colleagues can still have access to that information. And Chris replied, hey, why focus on the negative? Maybe this is the information that is necessary for when you win the lottery and skip town that your colleagues can keep the organization afloat. So there is a picture of you winning millions of dollars in Blackjack and your colleagues will be glad that you documented all this information first. Okay, what to document? I'm not going to read every single item on here but to get the main points of this, warranties and receipts for computers and peripherals. Information about where your data is backed up and instructions for retrieving it. Contact information for employees, volunteers, or consultants who maintain your organization's tech infrastructure. And your phone tree as well for getting information out to your entire staff and all of your volunteers very quickly. Log in information and contact information for web hosting, backup services, things like that. Chances are this is all information that you have spread throughout your office in binders and emails. You'll really thank yourself later for having this information all together in one easy accessible location. Thank you, Kelly. That's really great information. And just to kind of switch gears a little bit, I'd love to have Michelle Baldwin who has just joined us. She works for Visto which is Volunteers in Service for Others. And she's the executive director there. And they are a crisis agency. So she got actually held up dealing with a crisis which is why she was a little bit late joining us. So Michelle, I know you've had some experiences both as a service provider to people and communities going through different crisis, but you've also gone through it yourself at your organization. So when talking about documentation, you had some really great suggestions before in a previous conversation about having that go book. So could you talk a little bit about what your experience was, what happened to your organization, and how documentation really helped? Sure. Can you hear me right now? Sure, I can. Maybe a little bit louder. It would be great. Okay. In 2007 our county experienced record flooding. And although we didn't get as much damage as a lot of our sister agencies, we got enough to take out all of our computers, a couple of freezers, and basically anything that was on the ground. Now prior to the flood, if somebody would have asked me, do you have a disaster plan in place, I would have said absolutely because I did. We had computers, we had a backup. I thought we had everything covered. And of course, once that flood happened, I found out very quickly that we didn't have everything covered. Our backup was too close to the floor. And so with the computers, the backup was also taken out. Additionally, all of our records for the previous year were at our accountants and they also flooded. They were never able to recover that data. And so my response then became, okay, we were prepared to be a responder in a crisis. We had never been prepared to be a victim. And one of the things that I learned very quickly is I didn't plan enough what-if scenarios. I didn't think enough about, well, what happens if, you know, all those plans we had, what happens if something happens out of that plan. And so a good disaster plan really needs to be able to get you up as quickly as possible so that you can continue doing your mission, whatever that is. One of the things that, you know, happened to us basically is that not only do we have to continue operating and helping our assistants and all of our sister agencies, but we also had to be able to function. And part of our plan in the countywide plan, there were several agencies that could no longer function like Meals on Wheels. They were completely out. And so people started looking to us to fill those gaps. And so you're trying to, like every day, you're trying to juggle, you know, 18-hats. But it really pays to have a good plan and one that you can follow. It doesn't do any good to have a plan that there's no way you can implement it. You really need to have a good plan. When we get a little bit further, you know, I can tell you about some of the things that we've done to change the way we operate. The grab-and-go binder was great. It had all of those key codes and insurance and board member contacts, that type of stuff. Another thing was those questions. What happens if your staff can't get out? What if they're stuck in your office for three days? You know, what do you do? Those are great points. And I think really hit home the point that even if you think you've got a good plan, really looking at what you've got pulled together and some of the suggestions that we have in this guide and that we're talking about here today, making sure that you've really checked all of those boxes so that you don't miss something that's important and end up, you know, finding yourself in the position where you're suddenly the victim of some sort of disaster and your disaster plan just doesn't hold water. Sorry for the pun. So to jump back into kind of where we left off a little bit, I think the point about documentation is really important. But I'd love to skip back to Elliot to talk a little bit about where to keep documentation because I think that's also really important. And having gone through it as an organization, and a smaller organization before, we had a little go book. It was locked in a safe and nobody but the executive director had a key to get into it and she was always on the road. So if we'd had an emergency, which we were lucky we didn't, we wouldn't have had a way to really get in there and get that go book out. It would have just been in the safe. It wasn't waterproof. So back to Elliot. That's a really great point, Becky, and to piggyback on that a little bit, I actually spoke with a human services agency in California that wanted to remain anonymous, but this operations director gave me some really interesting insights about this. And she told me in fact that she realized partly and thanks to our interview that there were some pretty big holes in their documentation that although they had their phone tree and all of the staff had each other's contact info, they ran for example a use program and only one person had the contact info for all of the kids' parents. They've fortunately changed this since then. But this is the kind of information that yes, you can reconstruct using emails and using various sources, but it takes time. And you should spend that time now rather than spending it during a disaster. In the book we recommend a sort of three tiered approach to storing your documentation. Hard copies, ideally in a waterproof safe or safe deposit box. What we call in the book the master key, which is simply an encrypted USB flash drive that you keep with you at all times. And then online. But again, when you're storing this kind of information online, be sure that it is encrypted. One very quick point about encryption. We talk about this at much more length in the book, but you can't actually use the encryption capabilities that are already on your computer in Microsoft Office. But be sure that you're using the professional level encryption capabilities. The encryption that Office includes by default is actually weaker. And you can find more information about that in the book in Chapter 4. And I think that leads us to backup unless there was something else that you wanted to say there about you. Okay, great, great. What to backup? That includes your user data on all computers. And it also includes home computers and handheld devices. And this is one of those areas where the way that nonprofits and public libraries work is often a little different than the way things happen in the corporate sector. I know that you do have employees possibly who work on a home computer or bring in their laptop to work. I know that you might have a volunteer somewhere working on your website using their personal computer. All of that sort of information should be included in your backup strategy, not only the computers that are included in your office. Backing up your website, find out how frequently your web hosting service performs backups. If at all, some don't. And some do only as an added service if you ask them for it. Even if your web host does perform regular backups, there are still benefits to keeping your own copy of the website on your computer. Other things to think about backing up, your documentation that we were just talking about earlier, how and where is it backed up, your internal data, things that you might only have hard copies of, government forms, contracts, HR records, things like that. Ideally these should be both stored safely in hard copies, but also securely backed up somewhere. Email, most email servers on the market today include backup function. Be sure that you are using it and you understand how and where that backup is working. Bookmarks, it might sound funny to even mention this, but it's something that a lot of people don't think about. And if you lose all the bookmarks in your bookmarks file, depending on your work, you might actually be losing years and years of work. One thing we recommend is thinking about using a social bookmarking service like Delicious. It lets you share bookmarks. It also lets you store them privately so that only you can see them. All right, test your backups before you need them. And I wrote there, test your backups before you need them and you can read the rest of the sub points there for yourself. But I hope that I get the point across clearly. And that is you need to test your backups. And that's not only because of computer error, which can happen. It's also because of human error. Are you sure that the backups are working the way that you think that they are with the frequency that you think that they are? Are you sure that your backups include all of the data that you think they do? Test these things before you need them, not after. We're at a backup. And again, we'll talk about this much more in the webinar next week that is specifically on backup. But the two main tiers of backup are local backup and remote backup. And ideally we would recommend a combination of both of those things. But for local backup, we talk a lot about the 2x2 rule, which is two copies of your backups in two different places held by two different people. It's not foolproof, but it's definitely another level of assurance. I got this wonderful quote from this organization that was impacted by Hurricane Ike. They had been their backups, but in the end their backups ended up being destroyed by the hurricane as well. And they gave me this fantastic quote to think about, consider your entire city a potential point of failure. And that applies to remote backup and web hosting services too. That's a great point, Elliott. So what was that point again? Test what? Test your backup before you need them. That's a great point to hit home. If you leave with nothing else but that, I think that's great advice. And then finally, we're going to talk really briefly about human-made disasters. And I think that Chris is going to be extrapolating on this a little bit. But protect your critical organization logins. Here at TechSoup Global, we have a policy that has actually saved us quite a number of headaches. And that's for anything that directly impacts the users. We don't store the passwords on our computers. For example, if I need to log in to our FTP site to make a change to our website, I have to type in the password every time I don't check to save this password. Again, it's not foolproof, but it's saving me from causing a disaster by my own human error. Use multiple passwords for the administrative privileges on different computers. This is for a lot of reasons, but it's especially that if there is some kind of security breach, you really want to minimize the damage of that security breach. And having multiple passwords for your different computers and your different databases is a huge way to do that. And finally, don't use those same passwords that you're using for your administrative rights on your computers and for your databases. Don't use those same passwords for the news and logins, which means the password that you need to log in to the New York Times website. It's not because you don't trust the New York Times website. It's because every time you type your password out there on the Internet, it's another possibility for something bad to happen either out of malicious intent or out of simple human error. There's a lot more information about this on this TechSoup article, Password Tips for Privacy, so I would encourage you to check that out. Oh yes, your end of employment policy. And this is something that's partly an HR issue, but it's also really an IT issue. And this is something that I would recommend you have available to your staff and volunteers if they want to see it while they are still working there. Archive former employees' email. Don't delete it. And forward their address to their manager. Change the passwords. Back up to the computer, but also reformat it before giving it to another employee for a number of reasons. And keep an updated list of contact info for former employees if some kind of issue comes up that you do not have an answer to. And a point that I really want to highlight here is that these measures don't mean that you don't trust your former employees or volunteers. Rather, it's actually because you trust them and because you respect them that they deserve a smooth professional transition. That's a great point, Elliot. And I know a lot of employees use their computers at work to keep their own personal stuff on, pictures and things like that. And changing passwords and making sure that you're reformatting also ensures that their privacy is kept after they've left the organization and that that info isn't getting out to people it shouldn't. So I think leading into that, I'd love to have Chris, Chris Shipley from Meg Consulting, talk a little bit about his experiences with consulting nonprofits and how he's dealt with helping them develop plans, some examples maybe of human disasters that he's had to deal with and recover from. Chris, could you give us a little bit of your insight from your years of experience doing this kind of work? Yeah, sure. Hello to everybody from Connecticut. And I'd like to kind of take a little bit of time to help you guys define a disaster. We've heard about natural disasters, you know, big floods and hurricanes, but a disaster in my mind and how I try and help my clients define them is pretty much anything that stops you from effectively doing your job. And if we look at it that way, then there's a lot of things you can do to kind of prevent, like as we see here, some human-made disasters. Now, a human-made disaster could be something as simple as, well, the person who was responsible for changing tapes was on vacation for two weeks and nobody else was changing the tapes. So you lost two weeks worth of work if a disaster happens during that period to maybe somebody's computer gets kind of taken over by some sort of virus or malware, and then it kind of spreads throughout the whole organization causing all kinds of downtime and havoc. So I'd like to kind of reiterate the importance of passwords and how putting in policies and whatnot around computer use and information technology isn't a sign of mistrust for employees. For example, one of my clients, even today I can't convince them otherwise, they use the same username and passwords on all computers, every single one of them. So if one of the computers happens to get a virus on it or whatnot, it essentially has access to every computer on their network with the same username and password. I mean, they don't even have to know what it is. It's running as that user. So it has the ability to go out there and really just destroy everything. So having a password policy and having people use different passwords can really mitigate your risk. Testing your backups is extremely important. And you shouldn't leave it up to one person. You need cross-training in all of your disaster recovery plans. The 2x2 rule that fits for backups where you need 2 copies in 2 locations kind of fits for just about everything. You need 2 copies of the knowledge, 2 copies of the skills, 2 copies of the documentation. All of that needs to be taken into consideration because the type of disaster that happens might spread across more than one person or really be pretty bad. If you find you need to train people in the restoration, do the training. I mean, take a couple of hours out of a week and actually show somebody what they need to do. If they don't get it after the first time, do it again. Can't stress that enough. Don't be frustrated. Don't give up. You just got to have the knowledge spread out. So to kind of sum that part up, a little bit of policy and a little bit of training can really prevent a loss of time, money, and data. We have some resources on some later slides that will be emailed to you that have links to some security policies that are freely editable from the Sands Institute. So if you were wondering what a heck do you get a start, there are plenty of policies there. TechSoup itself has a lot of resources about policy creation. And lastly, I just want to share one more story of a client of mine who, they're out in Rhode Island, and they just moved into a brand new building. So they kind of know like they planned everything out, they have enough space for the room. It's really nice. And they called me up last month because their air conditioner leaked over all of their servers. And all they had to do was to have the servers on the other side of the room because it was underneath a sprinkle head basically. Not saying you shouldn't have sprinklers in your server room, I mean you've got to be able to suppress fire. And there are other ways to do that in a server room that won't short everything out, but they can be really expensive. But you also want to do things that you can prevent. So having sensitive equipment underneath potential water leaks is a bad idea. That is a great point, Chris. And I think we can all agree that that's probably not the smartest way to plan. But it's really easy to overlook things like that when you're just putting stuff in and trying to get your organization set up if you're opening up a new office. It's really, I think, easy to overlook locational issues like that that could cause problems. We had something, Bruce. There's a lot going on when you're moving into a new building. You can really lose sight of some of that stuff, absolutely. For sure. We had Bruce just chatted into us saying that they had a disaster, but they had their user data and passwords and software backed up, but the setup for their services and the server layout and all the little pieces took weeks to rebuild from the ground up. So I think it was really important to remember having the backup for all of your things, having the documentation, training your staff, and having that cross training. And I think one point that's important to remember as well is making sure that you do that outreach and education part as well so that your constituents and your supporters, your users, your community know where to find the info in the event that you are shut down for some emergencies so that that's communicated to them ahead of time before there's any disaster so they know where to find you and how to get in touch so that you don't have to stop doing your job hopefully while you get things back up and running. All really great points. So I'd like to skip back to Michelle a little bit if we could just to have her talk briefly about what she's done now to improve their system because we have a couple of examples of organizations that have gone through other disasters and have come back and really revamped their whole system. So I would love to hear a little bit about the changes that you made to your initial disaster plan to make it stronger, more effective, and ensure that if it ever happens again that you'll come through it a lot easier. So Michelle, can you speak to that for a moment? Sure, I'd be happy to. The first thing was to actually have a written plan. And I know that may sound simple, but it wasn't. It took quite a while to find a good template which was about 18 months. And our template, the one from TechSoup is great. It has a lot of really good in-depth things. The one that we ended up working with was before we TechSoup had one, but it was just a good basic general 18-page template that said, think about these things. And so the first thing was to actually have a written plan. The second thing was all of our electronics are off the floor. We no longer have the towers. Everybody has laptops so that we can move them if we need to move. And we also got a shared hard drive, an external hard drive, and everyone is linked to that and all of their backups can be on that. And it's also a grab-and-go, so I can pick it up and go if we need to. All of our payroll functions were put online. We're preparing to move all of our accounting online so that we can access it. Everything is moved up four inches off the floor and all of the storage containers are plastic and water resistant or water tight. We did not have a website before. We do now. The grab-and-go binder, as I said, that was a biggie for us. And that was pretty much it. The other thing I would like to point out is once you do a disaster plan, don't stick it on the shelf and forget about it. You need to revisit it like you do all of your policies and programs periodically and tweak it because your plan should be always evolving and you also need to communicate with the other agencies that affect you and make sure that you're aware of changes to their plan so that you can have input in how it's going to affect your organization. That's a great point, Michelle. I know when we were doing some of our planning discussions around this we talked a bit about how it's really easy to underestimate the expense and cost, and that most budgets don't include a rainy day fund because you just kind of think it's not going to happen. And you schedule into your check planning how frequently you anticipate that you'll need to replace a computer or a laptop or a server. And you try and budget that way, but that some sort of unexpected thing happens and you have to come up with an extra $3,000 to replace your server and $10,000 to replace the laptops and computers in your office. And all of a sudden you're draining lots of other parts of your program budgets or administrative budgets to be able to fix all of these things. So I think that was a really great point in our planning discussion as well to think about not just keeping your disaster plan as a frequently visited topic, but making sure you're thinking about it when you're planning your budgets, when you're making sure that you have the funds to help you out if you end up having some sort of disaster, whether big or small. It's always more expensive than you'd like it to be because we'd all love to just avoid disasters in the first place. So, no problems. Thank you because I had forgot about that. That was a key point was putting in a disaster fund for us for our operations in our budget because when a disaster is going on, you don't know what else is going to be going on and the other resources might be very, very tight for everybody. And so having a budget and that money set aside is a huge blessing. That's great. Well, and we also have an example of what worked for one of our partner organizations, the Freestore Food Bank which was one of the winners of our TechSoup Microsoft Show Your Impact Story Contest. And Elliot actually talked to them quite a bit about what worked for them when providing services and crisis times for other people, but also in recovering from their own disaster. Thanks, Becky. I just want to cover this really quickly so we still have ample time for questions. But I really like this story and I think that it's a pretty elegant example of what I was talking about earlier that yes, this is about disaster planning, but it's also just about deepening your nonprofit's impact. This organization, the Freestore Food Bank in Cincinnati, they had a number of issues in their IT infrastructure that they had to deal with. For email, they were using sort of a mishmash of personal web mail services. They were using different operating systems in their different locations throughout the city. And the backup strategy was lacking in some components. And they improved all of these things. They used Data Protection Manager actually which is an enterprise level backup and recovery and maintenance server. And they used that to have multiple backups in multiple locations throughout the city. And lo and behold, after they had done all of this work, they had a windstorm come through the city that took out power for several days in many parts of the city and destroyed one of their servers. They were able to rebuild while continuing to do the work that they do much more quickly than if they hadn't done any of these things in the first place. That's a great example. And to add on to the examples, I would love to just go through some of the resources that we have available. Somebody asked earlier during the chat whether we could talk about any free or low cost samples and templates of how to do this kind of work and not to toot our own horn, but I really think our disaster planning recovery toolkit is really fantastic now that it's been completely rewritten and updated. It has great templates, downloadable Excel files that you can customize for yourself and use in your own office and some good examples of how to do it right and hopefully get you set up to really weather any storms so to speak. Here are a number of other articles. Again, you'll receive links to all of this in the follow-up email so you don't need to try and scribble them down right now. Specific articles on Unified Communications, backing up data, how to automate online backup, and sharing resources. I'm sorry, I'm not sharing resources, but we have a list of all of these resources and many others that have been tagged with the TSDP tag and delicious. So if you have resources you'd like to share as well, you're welcome to tag them that way so they appear on that page. We'll have links to all of this again in the follow-up. The resource that Chris had mentioned earlier was the Sands Institute and they also have editable IT policies and disaster planning templates. Chris, do you want to talk about Iron Key for just a second to give people an idea of how that can be used as part of your disaster planning? Chris Sure. Elliott mentioned in the book about using a USB flash drive as one of your backups for your documentation and then encrypting that. Well the Iron Key is a hardware encrypted USB flash memory card. It has a lot of great features to it, but the fact that the encryption is already built into it and it's really bulletproof encryption makes it a lot easier to encrypt everything that you put on it. So it's a great way to do that. That's great. The last two links on this page are just links to Volunteers in Service to Others where Michelle is the Executive Director and that made consulting where Chris is the principal. Now I'd like to open it up for some questions for all of our presenters. So feel free to chat your questions in via the chat bar on the right and we can go ahead and get started. We have a couple that have already been asked. So I guess how about go to Elliott for this one. Any recommendations for how to organize your documentation? That's a good question. I guess the immediate response that I would say is to use the worksheets that are available in the Handbook that really go through listing in a thorough way how your infrastructure is set up, where your servers are, where your desktops are, where other data on other computers out in the world is. There's something else I was going to say in there. I think that they're one pretty thorough way of documenting all of that information. There's also in the toolkit there's a whole other set of worksheets that another organization out there created for libraries to document their infrastructure. So for libraries as well as archives, I would recommend checking that out. That's great. I do believe we have quite a few libraries on the call with us. Michelle, do you think you could talk a little bit about how you put your go book together? That sounds pretty like an interesting name for it. I like the go book idea. But what do you actually have in there? Is it all the components that Elliott mentioned? Most of them are very, very similar. It has all of our software key codes. It has the main contact list. We actually have on our board a disaster committee that has specific jobs. So it lays out the board members and what their job is and the actions that they're supposed to take. As if utility companies have to be called calling the weather, the media companies and letting them get the information as far as what's happening. It also has, I'm kind of flipping through it as we're talking about, the main contacts for fire department, EMS, the Cook County Disaster Director and all those different types of things we need to do. It's got the information for our payroll service, the information, all of our insurance policies and binders, an inventory of our software along with the licenses, who we call for the phone system, a listing of all of our grants which is really important and the contact information for those. A copy of our recent 990s. That's a lot of good stuff. You think it's a lot, but it's really that, it is so important to have that information. Along with MAP, the other information is possible sites. If we have to relocate and go to another place, what other sites that might fit our need that we would be able to use? Just listening to the information that Michelle is listing there, I really want to reiterate that all of the things that she's listing are of course things that everybody has stuck in emails somewhere or in various binders and books spread throughout the office. You'll really thank yourself for collating that information and putting it together in a usable form now as opposed to when it's really in need. We have Michael Murphy who just chatted in saying, how about making the grab-and-go book a RAM drive that stays in sync with the important file. That way changes can be made and they are automatically synced. All you have to do is grab the key. Chris or Elliot, do either of you want to respond to that and see what do you think about that idea? I always wanted that. I think that's a fine idea as long as you do actually have that hard copy backup because even a USB stick or something like that, those can fail too. Having a nice paper copy also helps. So 2x2 of everything. So have your RAM and have your paper. And Michelle, I have to say that I love that you keep your grab-and-go book on your desk while doing this webinar so it must really be handy enough for you to grab-and-go. So we have another couple of questions here. I think maybe Chris, you could manage this one. Do any of the presenters have recommendations for online data storage sites for Mac OS X? That's familiar. Actually, I reviewed a bunch of these just for my own clients. The one I settled on that I liked the best for its features was Mozi. So if you go to mozi.com.com pro, they have some backup for OS X. The other one that I know handles OS X is Carbonite. You may or may not prefer that over Mozi. But they both do automatic backup in the backgrounds. You don't have to think about it. Oh, how do you spell Mozi? You spell Mozi mozi.com pro. So they both kind of work in the background. You can tell them to encrypt the files. And that would be a good way to get people to back up to one centralized location. It's a great idea. Thank you for answering that. We have Michelle asking, how can we encourage mobile employees as well as looser folks like contractors and volunteers to back up on our structures? She says, we have someone who travels internationally, uses his own computer and Apple, and we're mostly PC. He's not too tech savvy, so it's really hard to catch him and he's a bit resistant. So any suggestions from folks on how to get non-organizationally owned equipment backed up and included in your backup systems? How to encourage people to adopt? Backing up as a regular part of their habits? Yeah, actually we'll probably go into more detail in this next week's seminar on backup itself. But there are some pretty nice programs that if you have some sort of VPN connection for that person to get back to your servers already, you can do automatic file synchronization so it's not something they have to really think about. The other option is if you have one of these online off-site backup services like Mozi or Carbonite, you could purchase an account for them as well and say, could you please at least select the folder that used to all our documents and to back up to that as well. That's a great suggestion, Chris. I'll speak from a little bit of my experience of having an executive director before who was really resistant to technology. She knew we needed it. She knew it was important, but she didn't really want to have to do any of it. And she was really difficult to get to back up her equipment. And so we actually had one of our — we used a contractor at that point. We had the contractor set it up so that she couldn't physically shut her computer off without the pop-up box making her backup her primary folder. So we sort of forced it on her because otherwise all of the really important, particularly grant-related and fundraiser-related information that she stored only on her computer could have been lost. And we just couldn't afford to have that happen. So we created some systems to sort of force it. So I think if people are really difficult, there are mechanisms to make that implementation happen. We have another question, and this one I think I'll field to Elliot. And somebody asked — Robert asked about, can the Twitter updates that you used in your example page, can those be embedded into any website? And how do you do that? Those can be embedded into any website. No, we could talk longer about this than is really necessary. What I was using on that example website is a simple JavaScript. So any web server that is JavaScript compatible, there are other ways of doing it out there. I've seen a really slick one that uses PHP to accomplish the same thing. The important point there is that you don't have to do anything on your own website to make those updates appear on your site. So for example, if you don't have access to the Internet but you need to post important information onto your site, you can just send it to your Twitter feed via text message using the same concepts. And we talk about this in the book a little bit. Using the same concepts, you could also put other things on your website as well. For example, let's say that your Facebook group page is the place where everybody is talking about the recovery process. You could actually have the RSS feed of that Facebook group page be ported onto your website as well. And again, there's no updating that has to happen on your part. It would all happen automatically. That's great. And I know here at TechSoup we have our primary TechSoup.org blog is hosted on a separate domain. So if our main website goes down, we can post a message to our blog and that's sent out through all of our RSS feeds and updates places like our Twitter feed for the organization and our — I'm sorry about that. I thought I was talking and I was muted. I apologize for that. I was just adding onto Elliott's comments that here at TechSoup we use our blog as a place that we frequently announce any site outages or technical issues that we might have because it's hosted on a separate domain and it updates our RSS in all of those various locations. Our Twitter feed is updated. Our Facebook page is updated. So we use that as one of our primary conduits by which to announce any problems we might have on our regular website. We also have Michael Rankini asking about what about using spare computer equipment in the event of a disaster? Is there a way to transfer stuff, use old equipment and make it a server? Chris, maybe you could talk to that a little bit. Yeah, a lot of what I'm doing with clients these days is kind of virtualizing their production servers. So what that does is kind of make a file and that runs on some nice server hardware. But in the case of a disaster or something like that you can kind of repurpose a desktop to run those same files. So that's one way to do it. Another would be making sure some of that older equipment is kind of just ready to go as a desktop even or something like that. You can file share on a Windows XP Home or Windows XP Pro or even Vista Home or Vista Business up to 10 computers can connect to another one. So if you need to get a little network up really fast you could use those for that. That's great. That's a really good suggestion. So we are just about done here so I want to let people know about our second part of our series on disaster planning. We'll take place next week and it's going to be focused more in-depth on different backup systems and how to set up backup systems, what types they are available. So please take a minute to register for that if you are available. If you aren't available you can still register for it and you'll get an email with all of the follow-up information. And you can always look on our site and find the archived recording once it's done. We welcome you to continue the discussion by either continuing to Twitter about it with our hashtag, pound DTSDP, or by asking follow-up questions in the Tech Planning Forum which Chris and Elliot and I will all be kind of hanging out in later this afternoon. I'd like to thank Chris, Michelle, and Elliot for giving these great presentations for our audience, and then Tammy Griffiths for managing the chat. We'd also like to take a second to thank our planning partners who helped support this project. Cisco is one of them. Collaborating agencies responding to disasters or CARD here in Oakland has been a great partner to us as well, and One Northwest. They all have helped us develop this disaster planning guide and all of these resources presented today. Take a moment when you have a chance to get the most out of TechSoup by looking at articles in our Learning Center, many of which we've linked to here today including our disaster planning toolkit. You can also request donated software if you're a 501c3 registered nonprofit or public library. Join conversations in our community forums, and browse for upcoming events like more of these webinars. I'd like to thank our sponsor, ReadyTalk for helping us plan these webinars and supporting us in giving us this donation of this webinar tool to use. Thank you so much to everybody who participated. We really appreciate it. So thanks a lot, Chris, Michelle, and Elliot. Thank you. Thank you, everybody. Thank you much. Have a great day. Thank you. Please stand by.