Professional Documents
Culture Documents
Communication Checklist: Manager On Call (MOC)
Communication Checklist: Manager On Call (MOC)
Communication Checklist: Manager On Call (MOC)
Communication Checklist
This document provides a high-level overview of the communication flow that needs to take place during a Severity 3 (Sev 3), once a Sev 3 has been declared.
<<University>> IT divisions will assess incidents as normal – once elevated to a Sev 3, initiate this checklist.
Management Steps
Communication Flow
Normal Business Hours (8:00am – 5:00pm) After Hours
Management Steps
Communication Flow
Normal Business Hours (8:00am – 5:00pm) After Hours
2 Provide customers with IMOC-supplied information Provide customers with IMOC-supplied information. If
<<University>> center is not open, MOC for affected department(s) is
IT Customer responsible for this communication.
Contact Ensures MOC(s)/MOC Designee of affected Ensures MOC(s) of affected department(s) was notified
Centers department(s) was notified and is aware of the situation. and aware of the situation.
Notifies both service center staff members.
Provides guidelines for customer communication as Provides guidelines for customer communication as
determined by the IMOC, MOC, and Communications determined by the IMOC, MOC, and Communications
Manager or other key players as needed based on Manager or other key players as needed based on
incident type. incident type.
Triages calls and provides updates as requested by Triages calls and provides updates as requested by
MOC. MOC.
The Center serves as a hub to coordinate the The Center serves as a hub to coordinate the
communication with customers and IT contacts. The communication with customers and IT contacts. The
center is effective at handling this communication. Center is effective at handling this communication.
Keeps the customer list up-to-date and monitors the Keeps the customer list up-to-date and monitors the
service impact by customer base through direct service impact by customer base through direct
customer contact. customer contact.
Periodically checks in with customers to assess the Periodically checks in with customers to assess the
situation (Are fixes working? Are users still situation (Are fixes working? Are users still
experiencing problems?) – be sure to include faculty, experiencing problems?) – be sure to include faculty,
staff, and students in relevant locations. staff, and students in relevant locations.
Incident Management & Communication
Management Steps
Communication Flow
Normal Business Hours (8:00am – 5:00pm) After Hours
3 Evaluates the situation and gathers all the facts from Evaluates the situation and gathers all the facts from
Incident MOC. MOC.
Manager On- Notifies CIO and Directors (5,7). Notifies CIO and Directors for after hour incidents.
Call (IMOC) Initiates IMOC Phone Bridge, if necessary Initiates IMOC Phone Bridge, if necessary
<<Phone Bridge number>> <<Phone Bridge number>>
Call Information Security MOC to review situation and Calls in Information Security MOC to review situation
determine if there has been a breach [SKIP this step if it and determine if there has been a breach [SKIP this step
is clear that the event is NOT security related; see next if it is clear that the event is NOT security related; see
page for detail]. Information Security Office will make next page for detail]. Information Security Office will
one of three decisions (see item 6 for details): make one of three decisions (see item 6 for details):
1. Security Controlled 1. Security Controlled
2. Security Related 2. Security Related
3. No Security Impact 3. No Security Impact
Engages Communications Manager and Scribe (8,9). Coordinates CHRON and scribe duties. Calls in staff for
Contact Production Control MOC to review impact of communications and scribe duties if needed.
incident with scheduled production jobs. Internal Contact Production Control MOC to review impact of
communication should reflect potential impacts. incident with scheduled production jobs. Internal
Notifies University IT or directs the Communications communication should reflect potential impacts.
Manager to send out notification (11). . Communicates with key people & customers during
Communication should provide a brief of the situation, event.
what the solution is, and if the event is still ongoing. Prepares a communication for release to University IT
May use Mass Notification if deemed necessary. and external groups in early AM next business day.
Provides regular updates to the CIO office. Communication should provide a brief of the situation,
Schedules and leads post-mortem/de-brief session. what the solution is, and if the event is still ongoing.
May use Mass Notification if deemed necessary
Meets next morning AM with communications manager
to discuss future communications and follow-up (if
required).
Schedules and leads post-mortem/debrief session.
Incident Management & Communication
Management Steps
Communication Flow
Normal Business Hours (8:00am – 5:00pm) After Hours
4 Technicians will be required to be on-site unless otherwise Technicians will be required to be on-site unless otherwise
IT Technical directed by the IMOC or MOC. directed by the IMOC or MOC.
Staff / If MOC determines, technicians can forward internal calls
Technicians on for short periods of time.
Call Troubleshoots problem and begins working on Troubleshoots problem and begins working on
solutions. solutions.
Retrieve Technical Recovery Guides (TRG’s) for Retrieve Technical Recovery Guides (TRG’s) for
services affected. services affected.
Provides regular updates to MOC. Provides regular updates to MOC. If off-site, calls into
MOC Phone Bridge if needed
Participates in vendor calls as needed. Participates in vendor calls as needed.
Periodically checks in with other IT staff members to Periodically checks in with other IT staff members to
assess the situation – be sure to include members in assess the situation – be sure to include members in
other locations. other locations.
Periodically checks in with customers to assess the Periodically checks in with customers to assess the
situation (Are fixes working? Are users still situation (Are fixes working? Are users still
experiencing problems?) – be sure to include faculty, experiencing problems?) – be sure to include faculty,
staff, and students in relevant locations. staff, and students in relevant locations.
Avoid incoming customer calls. These are distractions Avoid incoming customers calls. These are distractions
to solving the issue at hand. If they are calling your to solving the issue at hand. If they are calling your
phone, route them to the Call Centers (2). phone, route them to the Call Centers (2).
Do not speak with internal or external media. Direct Do not speak with internal or external media. Direct
them to <<University>> Communications. them to <<University>> Communications.
5 May be onsite or working from home as determined by
IT Director - of MOC.
Participates in discussions lead by MOC and IMOC.
affected unit(s) Participates in discussions lead by MOC.
Provides support to technical teams.
Provides support to technical teams.
Provides any other support that may be needed to help
resolve the incident. Provides any other support that may be needed to help
resolve the incident.
Incident Management & Communication
Management Steps
Communication Flow
Normal Business Hours (8:00am – 5:00pm) After Hours
Management Steps
Communication Flow
Normal Business Hours (8:00am – 5:00pm) After Hours
7 Receives details about incident from IMOC. Receives details about incident from IMOC.
CIO’s Office Provides incident brief to Provost and President (12,13). Decides if the Provost and President should be notified
Provides business perspective (big picture) for the before the start of the next business day.
incident. Gathers with IMOC next business day morning to
review event and provides business perspective (big
picture) for the incident.
8 Gathers details about incident. Picks up the next business day to continue on-going
Communication communications (internal and external) or to assist in
Crafts messages for internal and external use.
Manager and/or closing out the incident.
Identifies appropriate communication channels.
Other If incident is closed:
Deploys communications according to incident
Designated IT Sends final communications if closed.
timeframe through identified channels/Working with
Employees MOC and IMOC. [All Channels] Identifies channels for post-incident follow-up and
(Set up where main helps prepare messages for those channels.
Provides guidelines for communications to the
communication is
taking place) Customer Service Centers and to the IT Admins so they Retain copy of all communications for debrief session
can handle calls appropriately and deliver the same and for audit purposes.
message (2,10). If incident is still open:
Identifies channels for post-incident follow-up and Gathers details about incident and reviews CHRON.
helps prepare messages for those channels.
Crafts messages for internal and external use.
Retain copy of all communications for debrief session
Identifies appropriate communication channels.
and for audit purposes.
Deploys communications according to incident
timeframe through identified channels/Working with
MOC and IMOC. [All Channels]
Provides guidelines for communications to the
Customer Service Centers and to the IT Admins so they
can handle calls appropriately and deliver the same
message.
Identifies channels for post-incident follow-up and
helps prepare messages for those channels.
Retain copy of all communications for debrief session
and for audit purposes.
Incident Management & Communication
Management Steps
Communication Flow
Normal Business Hours (8:00am – 5:00pm) After Hours
9 Takes detailed notes during event to help complete the Picks up in the AM of next business day.
Scribe CHRON and serve as a record of the event. If incident is closed:
(Set up where main Types up info in CHRON template and distributes to
communication is Types up info in CHRON template and distributes to
team at regular intervals during incident. team at regular intervals during incident.
taking place)
Prepares and send final CHRON at close of incident. Prepares and send final CHRON at close of incident.
Provides this info for debrief meeting. Provides this info for debrief meeting.
If incident is still open:
Reviews CHRON already completed.
Continues CHRON and takes detailed notes during the
event.
Types up info in CHRON template and distributes to
team at regular intervals during incident.
Prepares and send final CHRON at close of incident.
Provides this info for debrief meeting.
10 In the AM of next business day:
IT Office Uses guidelines for communications to customers when
Uses guidelines for communications to customers when
Admins responding to calls that may come in from various
areas. responding to calls that may come in from various
areas.
11 In the AM of next business day:
IT Staff Uses guidelines for communications to customers when
Uses guidelines for communications to customers when
Members responding to calls that may come in from various
areas. responding to calls that may come in from various
areas.
12 Receives regular updates from CIO.
Provost Disseminates info as needed to key staff members.
13 Receives regular updates from CIO.
President Disseminates info as needed to key staff members.
14
Other
University
Executives
Incident Management & Communication
Management Steps
Communication Flow
Normal Business Hours (8:00am – 5:00pm) After Hours
15
Students
16
Faculty /
Departments or
Divisions
17
University Staff
18 Participates as required by incident. Participates as required by incident.
University
Security
19 Participates as required by incident. Participates as required by incident.
University
Facilities
20 Participates as required by incident, specifically when Participates as required by incident, specifically when
University security related. security related.
Legal
21 Participates as required by incident, specifically when Participates as required by incident, specifically when
University HR security related. security related.