Brace for Impact: School Data and Disasters

#Data Read time:
School leaders take their roles as steward of student data extremely seriously. When it comes to protecting data in the midst of a disaster (natural or otherwise), what can you learn from successful districts? 

 

Assemble your team

Which people need to be notified, and in what order?

Before any other planning happens, brainstorm the people who need to be notified if anything should go awry with a data center. Even something as minor as a power outage may have devastating effects. 

Your team’s structure depends on the way your staff is structured. Chief technology officers and their direct reports will likely be making these types of calls, but everyone who works with student data will be interested in updates. A communication pro might help if the situation is serious enough to reach out to the community. 

After your team has been identified, their next step is to gather the external contacts for your systems, service providers, and utility companies. Finally, identify any community members who need to be informed. 

Check this roster often, particularly when turnover happens. Especially for third parties and providers, keep contact information up to date and in a central location to avoid scrambling in the moment—a moment which may or may not include wi-fi or landline phone service.

 

Define your terms

Which threats are most likely and what might be impacted?

The data disaster team’s first order of business is to imagine the worst, so they can prepare a response plan. Which disasters are most likely (historically or otherwise) in your area? Where is the data center located? A disaster plan will look wildly different in a hurricane-prone coastal district than it will in the Midwest.

Next, the team must determine how many machines, buildings, and people might be impacted. Take a baseline inventory of all data storage before assigning a priority level. Identify where all backups are located (and if you’re not using the 3-2-1 backup method, now’s a great time to get started).
Finally, make a strong link between this data disaster plan and your crisis communication plan. If that plan is still in the works, at the very least be able to answer three basic questions:

1. What happened?
2. How did it happen?
3. What will be done about it? 

These questions can also guide your response plan prioritization.

 

Prioritize your response

Which actions are priority one, and which comes next?

Once the terms are set, it’s time to agree upon goals and objectives. It never hurts to establish a mission statement to keep everyone focused on the task at hand. An example might be:

“In the event of a disaster, our mission is to stabilize the data center, recover any lost data through a combination of backups, and communicate the status with district staff and the greater community.” 

Prioritize the places to begin work when time is of the essence. Prioritization of network components may look something like this:

Highest priority: network security and operations (firewall, switches, wiring components, main servers that contain critical operational data)
Medium priority: web server, web filter, email server, network print services, desktop computer of critical personnel
Low priority: instructional computer labs, desktop computers and individual peripherals

Once the team has established priorities, detail the processes and backup strategies involved. These are probably different depending on whether they include hardware (such as VoIP phones) or are cloud-based (such as software systems). It never hurts to reiterate contact information embedded directly in the response process. 

Again, never rely on an ability to search the internet or use other technology. List this crucial information in hard copy in multiple locations.

 

Test and update often

How will this be tested?

Anyone who makes plans of this nature hopes they’ll never be put into place, but be sure to go through the motions and drill the process well before a threat is identified. Practice will make your data recovery plan feel less cumbersome, and you may find flaws in the original plans once they are tested. Build in an opportunity to update the process as new systems, team members, and concerns come into play.

There’s no substitute for preparation when it comes to disasters. Protect your irreplaceable data as you would any other asset. 

Follow-up resource: When to purge student records

Which records are expected to be permanent, and which can be purged? This guest post on records retention shows the way.

 
Share this story: