Emergency IT Activation
Emergency IT activation deploys technology resources at accelerated speed when humanitarian crises demand rapid organisational scaling. This playbook governs the transition from normal IT operations to surge mode, covering cloud resource provisioning, pre-positioned equipment deployment, temporary staff account creation, and inter-agency coordination requirements. Execute this playbook when emergency declarations trigger operational scaling that exceeds normal IT capacity planning thresholds.
The procedures here differ fundamentally from standard capacity planning. Normal provisioning assumes weeks of lead time, procurement cycles, and gradual onboarding. Emergency activation compresses these into hours or days, accepting calculated risks and technical debt in exchange for operational speed. You will make trade-offs that would be unacceptable in normal operations. Document these decisions for post-emergency remediation.
Activation criteria
Invoke this playbook when any of the following conditions are met:
| Trigger | Threshold | Verification source |
|---|---|---|
| Organisational emergency declaration | Level 2 or Level 3 emergency declared | Emergency Management Team notification |
| Surge staffing request | More than 20 additional staff within 14 days | HR surge roster activation |
| New operational location | Field presence required within 7 days | Programme leadership request |
| Inter-agency coordination | Cluster activation or joint response | Humanitarian Coordinator notification |
| Existing infrastructure failure | Primary systems unavailable for more than 24 hours during active response | IT incident management escalation |
Authority verification
Confirm emergency declaration through official channels before activating surge procedures. Verbal requests require written confirmation within 4 hours. Unauthorised activation consumes emergency reserves and creates audit exposure.
Roles
| Role | Responsibility | Typical assignee | Backup |
|---|---|---|---|
| IT Emergency Coordinator | Overall IT surge coordination, resource allocation decisions, leadership reporting | IT Director or IT Manager | Senior Systems Administrator |
| Technical Lead | Infrastructure provisioning, system configuration, technical problem resolution | Senior Systems Administrator | Infrastructure Engineer |
| User Services Lead | Account provisioning, device deployment, user support coordination | IT Support Manager | Senior Support Analyst |
| Communications Lead | Stakeholder updates, documentation, inter-agency IT coordination | IT Manager or Communications focal point | IT Emergency Coordinator |
| Finance Liaison | Cost tracking, emergency procurement authorisation, donor allocation | Finance Manager | IT Emergency Coordinator |
For organisations with single-person IT functions, the IT staff member assumes IT Emergency Coordinator, Technical Lead, and User Services Lead roles. Engage external support through managed service providers or inter-agency IT working groups for capacity beyond individual capability.
Phase 1: Immediate assessment
Objective: Determine surge requirements and available resources within 4 hours of activation
Timeframe: 0 to 4 hours
Acknowledge emergency declaration and confirm authority
Obtain written confirmation of emergency level, geographic scope, and expected duration. Record the authorising official, timestamp, and emergency reference number. This documentation is required for emergency procurement and post-incident audit.
```
Emergency Activation Record
---------------------------
Declaration level:    [L2/L3]
Emergency reference:  [ORG-YYYY-NNN]
Authorised by:        [Name, Title]
Authorisation time:   [YYYY-MM-DD HH:MM UTC]
Geographic scope:     [Countries/regions]
Expected duration:    [Days/weeks/months]
IT Coordinator:       [Name]
```
Convene IT emergency team
Contact all role holders within 30 minutes of activation. For out-of-hours activation, use the emergency contact cascade. If primary role holders are unreachable within 60 minutes, escalate to backups. Establish a communication channel dedicated to the emergency response.
Initial team briefing covers:
- Emergency scope and timeline
- Known IT requirements from Programme
- Current IT resource availability
- Immediate constraints or blockers
Assess surge requirements
Gather requirements from Programme leadership, HR, and Logistics within 2 hours. Quantify the following:
| Requirement category | Information needed | Source |
|---|---|---|
| Staff surge | Number of new staff, deployment locations, start dates | HR surge roster |
| Location requirements | New offices/sites, existing site expansions | Programme/Logistics |
| System requirements | Applications needed, data access, integration points | Programme technical leads |
| Connectivity requirements | Locations, bandwidth needs, timeline | Logistics/Field coordinators |
| Security context | Threat level, data sensitivity, operating restrictions | Security focal point |
Inventory available resources
Document current capacity against surge requirements:
```
+------------------------------------------------------------------+
|                        RESOURCE INVENTORY                        |
+------------------------------------------------------------------+
|                                                                  |
|  PRE-POSITIONED EQUIPMENT          CLOUD CAPACITY                |
|  +------------------------+        +------------------------+    |
|  | Laptops: [nn] units    |        | Current spend: $[nnnn] |    |
|  | Tablets: [nn] units    |        | Budget limit: $[nnnn]  |    |
|  | Phones: [nn] units     |        | Available: $[nnnn]     |    |
|  | Network kits: [nn]     |        |                        |    |
|  | Satellite: [nn] units  |        | Auto-scale headroom:   |    |
|  | Location: [site]       |        |   Compute: [nn]%       |    |
|  +------------------------+        |   Storage: [nn] TB     |    |
|                                    +------------------------+    |
|                                                                  |
|  LICENCE AVAILABILITY                                            |
|  +----------------------------------------------------------+    |
|  | Microsoft 365: [nn] unassigned | Google Workspace: [nn]  |    |
|  | Collaboration tools: [nn]      | Security tools: [nn]    |    |
|  +----------------------------------------------------------+    |
|                                                                  |
+------------------------------------------------------------------+
```
Identify resource gaps
Compare requirements against inventory. Calculate shortfalls:
- Device gap = Required devices − Available pre-positioned − Redeployable from other sites
- Licence gap = Required users − Available licences − Emergency allocation from vendor
- Connectivity gap = Required sites without planned connectivity solution
For each gap exceeding procurement lead time, identify alternatives: rental equipment, partner loans, degraded service acceptance.
Decision point: If resource gaps cannot be closed within required timeline, escalate to leadership for scope adjustment or additional funding authorisation.
Checkpoint: Before proceeding to Phase 2, confirm:
- Surge requirements documented and agreed with Programme
- Resource inventory complete and verified
- Gap analysis completed with mitigation options
- Finance Liaison briefed on expected costs
Phase 2: Resource mobilisation
Objective: Deploy IT resources to meet surge timeline
Timeframe: 4 to 48 hours
Activate emergency procurement
Emergency procurement bypasses standard approval workflows when authorised by emergency declaration. Document the emergency reference on all procurement requests. Thresholds for emergency IT procurement without additional approval:
| Item category | Single-item limit | Aggregate limit per emergency |
|---|---|---|
| End-user devices | $2,000 | $50,000 |
| Network equipment | $5,000 | $30,000 |
| Cloud services (monthly) | $3,000 | $20,000 |
| Software licences | $1,000 | $15,000 |
| Telecommunications | $2,000 | $25,000 |
Amounts exceeding these limits require Finance Director approval within 24 hours, obtained verbally with written confirmation to follow.
Deploy pre-positioned equipment
Pre-positioned emergency kits contain standardised configurations ready for immediate deployment. Release equipment from storage within 4 hours of authorisation.
Standard emergency kit contents:
```
FIELD DEPLOYMENT KIT (1 of N)
+----------------------------------------------------------+
|                                                          |
|  COMPUTE                       NETWORK                   |
|  +--------------------+        +--------------------+    |
|  | 5x Laptops         |        | 1x Router/firewall |    |
|  |    (pre-imaged)    |        | 1x Access point    |    |
|  | 2x Tablets         |        | 1x 4G/5G modem     |    |
|  |    (MDM enrolled)  |        | 8x Ethernet cables |    |
|  +--------------------+        +--------------------+    |
|                                                          |
|  POWER                         CONNECTIVITY              |
|  +--------------------+        +--------------------+    |
|  | 1x UPS (1500VA)    |        | 1x Satellite       |    |
|  | 5x Power strips    |        |    terminal        |    |
|  | 2x Extension leads |        | 2x SIM cards       |    |
|  | Adapters (travel)  |        |    (data-enabled)  |    |
|  +--------------------+        +--------------------+    |
|                                                          |
|  ACCESSORIES                   DOCUMENTATION             |
|  +--------------------+        +--------------------+    |
|  | Cables, chargers   |        | Setup guide        |    |
|  | Carrying cases     |        | Support contacts   |    |
|  | Locks, security    |        | Inventory sheet    |    |
|  +--------------------+        +--------------------+    |
|                                                          |
+----------------------------------------------------------+
```
Equipment release procedure:
- Verify kit inventory against manifest
- Record serial numbers and assignment
- Update asset management system
- Arrange logistics for transport to deployment location
- Confirm receipt at destination within 24 hours
Provision cloud resources
Scale cloud infrastructure to accommodate surge. Execute pre-approved scaling actions:
```bash
# Azure example: Scale web application
az appservice plan update \
  --name emergency-response-plan \
  --resource-group production \
  --sku P2V3 \
  --number-of-workers 4

# AWS example: Increase Auto Scaling group
aws autoscaling update-auto-scaling-group \
  --auto-scaling-group-name prod-web-asg \
  --min-size 4 \
  --max-size 12 \
  --desired-capacity 6
```
Set budget alerts at 50%, 75%, and 90% of emergency allocation. Cloud cost tracking must be tagged to emergency reference for donor reporting:
```json
{
  "tags": {
    "emergency-ref": "ORG-2024-007",
    "cost-centre": "emergency-response",
    "donor-allocation": "flexible-funding"
  }
}
```
Secure additional licences
Contact vendor emergency lines for rapid licence provisioning. Many vendors offer emergency activation for humanitarian organisations:
| Vendor | Emergency contact method | Typical turnaround |
|---|---|---|
| Microsoft | Nonprofit emergency line or CSP partner | 4-24 hours |
| Google | Nonprofit support escalation | 24-48 hours |
| Salesforce | Account executive direct | 24-48 hours |
| Security vendors | Partner escalation | 24-72 hours |
If vendor provisioning exceeds timeline, implement temporary workarounds: shared accounts (where security permits), reduced functionality, or alternative tools.
Establish emergency communication channels
Create dedicated channels for emergency coordination:
- Primary: Team channel in existing collaboration platform
- Backup: Standalone messaging app (Signal group or similar)
- Voice: Conference bridge with standing dial-in
- Status: Shared document for real-time status updates
Channel naming convention:
```
[emergency-ref]-it-response
```
Ensure all IT emergency team members have access before proceeding.
Decision point: If equipment cannot reach deployment locations within required timeline, determine whether to:
- Deploy staff without full IT kit (degraded capability)
- Delay staff deployment until IT ready
- Source equipment locally at higher cost
Checkpoint: Before proceeding to Phase 3, confirm:
- Procurement initiated for gap items
- Pre-positioned equipment released and in transit
- Cloud resources scaled and tagged
- Licence requests submitted
- Emergency communication channels operational
Phase 3: User provisioning
Objective: Enable surge staff to work within 24 hours of arrival
Timeframe: 24 to 72 hours (ongoing as staff deploy)
Prepare batch account provisioning
Surge account provisioning uses streamlined templates rather than standard onboarding workflows. Create accounts in batches as HR provides staff lists.
Emergency account template configuration:
```
Account Type: Emergency-Surge
Default Groups:
  - All Staff
  - Emergency Response [emergency-ref]
  - [Geographic region]

Default Applications:
  - Email and calendar
  - Collaboration platform
  - Document storage
  - Programme management system (read access)

MFA: Required (phone or authenticator)
Password: Temporary, force change on first login
Expiry: 90 days (extend if emergency continues)
```
Generate accounts from HR roster:
```powershell
# PowerShell example for Microsoft 365 (Microsoft Graph PowerShell SDK)
# New-RandomPassword is an organisation-supplied helper, not a built-in cmdlet
Import-Csv "surge-roster.csv" | ForEach-Object {
    New-MgUser -DisplayName $_.Name `
        -UserPrincipalName "$($_.Username)@org.example" `
        -MailNickname $_.Username `
        -PasswordProfile @{
            Password = (New-RandomPassword)
            ForceChangePasswordNextSignIn = $true
        } `
        -AccountEnabled `
        -UsageLocation $_.Country
}
```
Configure device fleet
Pre-imaged devices require minimal configuration. For devices requiring setup:
| Task | Time required | Can be done remotely |
|---|---|---|
| Autopilot/DEP enrollment | 30-60 minutes | Yes |
| Application installation | 15-30 minutes | Yes (MDM push) |
| User profile creation | 10-15 minutes | No |
| Security baseline verification | 10 minutes | Yes |
| Connectivity testing | 5-10 minutes | No |
Device preparation sequence for batch deployment:
```
+----------------+     +----------------+     +----------------+
| Unbox and      |---->| Enroll in      |---->| Apply          |
| inventory      |     | MDM            |     | baseline       |
+----------------+     +----------------+     +----------------+
        |                      |                      |
   Asset tag                   | Security             |
   Serial record               | policies             |
   User assignment             | Applications         |
                               | Certificates         |
                               v                      v
+----------------+     +----------------+     +----------------+
| Test           |---->| Package        |---->| Deploy to      |
| connectivity   |     | for shipping   |     | user           |
+----------------+     +----------------+     +----------------+
```
Distribute credentials securely
Temporary passwords must reach users through secure channels. Never send passwords via unencrypted email.
Credential distribution options by scenario:
| Scenario | Method | Security level |
|---|---|---|
| User at HQ/regional office | In-person with ID verification | High |
| User in field with IT present | In-person handover | High |
| User in field, no IT presence | Split delivery: username via email, password via SMS | Medium |
| Remote user, no phone | Password via encrypted message, identity verified by manager | Medium |
Document all credential distributions with timestamp, method, and verification performed.
Provide rapid orientation
Emergency users need functional capability within hours, not comprehensive training. Provide:
- One-page quick start guide (email, files, key applications)
- 15-minute video orientation (if available)
- Direct support contact (not ticket system)
- First 48-hour check-in scheduled
Quick start guide template:
```
EMERGENCY IT QUICK START
========================

Your credentials:
- Username: [provided separately]
- Password: [provided separately]
- Email: username@org.example

First login:
1. Go to https://portal.org.example
2. Enter username and temporary password
3. Set new password (min 12 characters)
4. Set up authenticator app for MFA

Key applications:
- Email: https://mail.org.example
- Files: https://files.org.example
- [Programme system]: https://prog.org.example

Get help:
- WhatsApp: +XX XXX XXX XXXX
- Email: it-emergency@org.example
- Hours: [timezone] 06:00-22:00
```
Track provisioning status
Maintain real-time visibility of user readiness:
```
+------------------------------------------------------------------------+
|                      USER PROVISIONING DASHBOARD                       |
+------------------------------------------------------------------------+
|                                                                        |
|  SURGE STAFF: 45 total                                                 |
|                                                                        |
|  +-------------------+  +-------------------+  +-------------------+   |
|  | ACCOUNTS          |  | DEVICES           |  | READY TO WORK     |   |
|  |                   |  |                   |  |                   |   |
|  | Created: 42       |  | Assigned: 38      |  | Confirmed: 31     |   |
|  | Pending: 3        |  | In transit: 4     |  | Issues: 7         |   |
|  | Blocked: 0        |  | Pending: 3        |  | Not started: 7    |   |
|  +-------------------+  +-------------------+  +-------------------+   |
|                                                                        |
|  BLOCKERS:                                                             |
|  - 3 accounts pending HR data (names: [list])                          |
|  - 4 devices delayed in transit (ETA: [date])                          |
|  - 7 users not yet responded to credential delivery                    |
|                                                                        |
+------------------------------------------------------------------------+
```
Decision point: If device deployment falls behind user arrival, determine interim solutions: shared devices, personal device temporary access (BYOD exception), or reduced capability acceptance.
Checkpoint: Before proceeding to Phase 4, confirm:
- All surge staff accounts created
- Devices deployed or interim solution documented
- Credentials distributed through secure channels
- Users can access core systems
- Support contact established and communicated
Phase 4: Operations and monitoring
Objective: Maintain surge IT operations and track resource consumption
Timeframe: Ongoing throughout emergency
Establish operational rhythm
Emergency IT operations require more frequent check-ins than normal:
| Cadence | Participants | Focus |
|---|---|---|
| Daily stand-up (15 min) | IT emergency team | Blockers, priorities, capacity |
| Twice-weekly with Programme | IT Coordinator + Programme leads | Emerging requirements, timeline changes |
| Weekly leadership report | IT Coordinator + leadership | Status, costs, risks |
Daily stand-up agenda:
- Issues from last 24 hours (resolved and open)
- Provisioning status (accounts, devices, connectivity)
- Resource consumption (cloud costs, licence usage)
- Priorities for next 24 hours
- Blockers requiring escalation
Monitor resource consumption
Track costs against emergency allocation daily. Cloud costs can escalate rapidly during surge operations.
Cost tracking template:
```
Emergency: ORG-2024-007
Period: [date] to [date]

BUDGET vs ACTUAL
+----------------------------+------------+------------+----------+
| Category                   | Budget     | Actual     | Variance |
+----------------------------+------------+------------+----------+
| Cloud infrastructure       | $15,000    | $12,340    | -18%     |
| Device procurement         | $25,000    | $27,500    | +10%     |
| Software licences          | $8,000     | $6,200     | -23%     |
| Telecommunications         | $12,000    | $14,100    | +18%     |
| Support and services       | $5,000     | $3,200     | -36%     |
+----------------------------+------------+------------+----------+
| TOTAL                      | $65,000    | $63,340    | -3%      |
+----------------------------+------------+------------+----------+

DONOR ALLOCATION
+----------------------------+------------+
| Funding source             | Amount     |
+----------------------------+------------+
| Emergency reserve          | $40,000    |
| Donor A (grant XYZ)        | $15,000    |
| Flexible funding           | $8,340     |
+----------------------------+------------+
```
Manage capacity constraints
Surge operations expose capacity limits. Common constraints and mitigations:
| Constraint | Indicator | Mitigation |
|---|---|---|
| Support overwhelm | Ticket volume exceeds 50/day per analyst | Prioritise by user criticality, deploy self-service guides, request partner support |
| Network saturation | Field site bandwidth utilisation exceeds 80% | Implement QoS, schedule large transfers off-peak, consider additional connectivity |
| Storage exhaustion | Cloud storage exceeds 90% of allocation | Archive non-essential data, increase allocation, implement retention enforcement |
| Licence shortage | Assignment rate exceeds 95% | Request emergency allocation, implement shared access where permitted |
Coordinate inter-agency IT requirements
Humanitarian responses involve multiple organisations requiring interoperability. Participate in IT coordination mechanisms:
- Cluster IT working groups
- Common service provider coordination
- Shared platform access arrangements
- Data sharing technical implementation
Inter-agency data sharing requires technical controls matching data sharing agreements. Before enabling cross-organisation access, verify:
- Data sharing agreement signed
- User verification mechanism agreed
- Audit logging enabled
- Data classification compatible
Document decisions and exceptions
Emergency operations require decisions that deviate from standard policy. Document all exceptions:
```
EXCEPTION RECORD
================
Date: [YYYY-MM-DD]
Emergency ref: [ORG-YYYY-NNN]

Policy exception: [Which policy/standard is being bypassed]

Justification: [Why this exception is necessary for emergency operations]

Risk acceptance: [What risks are being accepted]

Compensating controls: [What alternative controls are in place]

Remediation plan: [How this will be addressed post-emergency]

Approved by: [Name, Role]
Review date: [When exception will be reassessed]
```
Decision point: If costs exceed emergency allocation by more than 20%, escalate to leadership for additional funding or scope reduction.
Checkpoint: Ongoing validation throughout phase:
- Daily costs tracked and within tolerance
- Capacity constraints identified before critical
- Inter-agency coordination active
- Exceptions documented with remediation plans
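The Phase 2 budget alert levels (50%, 75%, 90%), the required cost tags, and the 20% escalation rule above can be checked together against a daily billing export. The following is an added example, not part of the original playbook; the export field names and sample rows are constructed assumptions.

```python
# Values from this playbook: required cost tags, alert levels, escalation rule
REQUIRED_TAGS = ("emergency-ref", "cost-centre", "donor-allocation")
ALERT_LEVELS = (50, 75, 90)   # percent of emergency allocation
ESCALATION_OVERRUN = 20       # percent above allocation that triggers escalation

# Constructed sample billing export (whole USD); field names are assumptions
SAMPLE_BILLING = [
    {"resource": "web-plan", "cost": 6200, "tags": {
        "emergency-ref": "ORG-2024-007", "cost-centre": "emergency-response",
        "donor-allocation": "flexible-funding"}},
    {"resource": "prod-db", "cost": 5400, "tags": {
        "emergency-ref": "ORG-2024-007", "cost-centre": "emergency-response",
        "donor-allocation": "emergency-reserve"}},
    {"resource": "file-store", "cost": 1100, "tags": {
        "emergency-ref": "ORG-2024-007", "cost-centre": "emergency-response",
        "donor-allocation": "flexible-funding"}},
    # Missing donor-allocation: cannot be attributed in donor reporting
    {"resource": "test-vm", "cost": 900, "tags": {
        "emergency-ref": "ORG-2024-007", "cost-centre": "emergency-response"}},
    # Fully tagged, but belongs to a different emergency
    {"resource": "old-site", "cost": 2000, "tags": {
        "emergency-ref": "ORG-2024-003", "cost-centre": "emergency-response",
        "donor-allocation": "emergency-reserve"}},
]


def review_emergency_spend(rows, emergency_ref, allocation):
    """Summarise tagged spend for one emergency and list rows with missing tags."""
    spend_by_donor = {}
    untagged = []
    for row in rows:
        tags = row.get("tags") or {}
        missing = [t for t in REQUIRED_TAGS if not tags.get(t)]
        if missing:
            # Incompletely tagged spend is excluded from the total and reported
            untagged.append({"resource": row["resource"],
                             "cost": row["cost"], "missing": missing})
            continue
        if tags["emergency-ref"] != emergency_ref:
            continue
        donor = tags["donor-allocation"]
        spend_by_donor[donor] = spend_by_donor.get(donor, 0) + row["cost"]

    total = sum(spend_by_donor.values())
    percent_used = 100 * total / allocation
    return {
        "total": total,
        "percent_used": round(percent_used, 1),
        "alerts_crossed": [lvl for lvl in ALERT_LEVELS if percent_used >= lvl],
        "escalate": percent_used > 100 + ESCALATION_OVERRUN,
        "spend_by_donor": spend_by_donor,
        "untagged": untagged,
    }


if __name__ == "__main__":
    report = review_emergency_spend(SAMPLE_BILLING, "ORG-2024-007", 15000)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Rows listed under `untagged` need their tags corrected before cost reconciliation, since they are not counted against any donor allocation.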
Phase 5: Scale-down and transition
Objective: Return to normal operations without service disruption
Timeframe: Emergency conclusion to 30 days post-emergency
Confirm scale-down triggers
Begin transition planning when:
- Emergency declaration downgraded or concluded
- Surge staffing reduced by more than 50%
- Field locations closing or transitioning
- Programme indicates reduced IT requirements
Do not initiate scale-down based solely on timeline. Premature reduction disrupts ongoing operations.
Plan resource reduction
Sequence matters. Reduce resources in order:
```
+------------------------------------------------------------------+
|                       SCALE-DOWN SEQUENCE                        |
+------------------------------------------------------------------+
|                                                                  |
|  WEEK 1-2                          WEEK 3-4                      |
|  +------------------------+        +------------------------+    |
|  | Cloud auto-scaling     |        | Surplus device         |    |
|  | Return to baseline     |        | Return to inventory    |    |
|  |                        |        |                        |    |
|  | Temporary licences     |        | Emergency accounts     |    |
|  | Release or convert     |        | Transition or close    |    |
|  +------------------------+        +------------------------+    |
|                                                                  |
|  WEEK 4+                                                         |
|  +----------------------------------------------------------+    |
|  | Exception remediation                                    |    |
|  | Address technical debt from emergency decisions          |    |
|  |                                                          |    |
|  | Documentation                                            |    |
|  | Complete records for audit and lessons learned           |    |
|  +----------------------------------------------------------+    |
|                                                                  |
+------------------------------------------------------------------+
```
Transition surge staff accounts
For departing staff:
- Follow standard offboarding within 24 hours of departure
- Ensure data handover before account closure
- Recover assigned devices
For staff transitioning to permanent roles:
- Convert emergency accounts to standard accounts
- Complete full onboarding training
- Reassign to appropriate groups and permissions
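Surge accounts are created quickly under the emergency template (MFA required, temporary password changed at first login, 90-day expiry) and must be closed within 24 hours of departure, so a periodic audit against those rules catches accounts that slipped through. The following is an added example, not part of the original playbook; the export field names and sample accounts are constructed assumptions, not the schema of any particular directory service.

```python
from datetime import datetime, timedelta, timezone

# Limits taken from this playbook: 90-day account expiry, 24-hour offboarding
ACCOUNT_EXPIRY = timedelta(days=90)
OFFBOARD_WINDOW = timedelta(hours=24)

# Constructed sample account export; field names are assumptions
SAMPLE_ACCOUNTS = [
    {"upn": "a.surge@org.example", "type": "Emergency-Surge", "enabled": True,
     "created": "2024-03-01T08:00:00+00:00", "mfa_registered": True,
     "temp_password_changed": True, "expiry_extended": False, "departed": None},
    {"upn": "b.surge@org.example", "type": "Emergency-Surge", "enabled": True,
     "created": "2024-05-20T08:00:00+00:00", "mfa_registered": False,
     "temp_password_changed": False, "expiry_extended": False, "departed": None},
    {"upn": "c.surge@org.example", "type": "Emergency-Surge", "enabled": True,
     "created": "2024-04-10T08:00:00+00:00", "mfa_registered": True,
     "temp_password_changed": True, "expiry_extended": False,
     "departed": "2024-06-13T09:00:00+00:00"},
    {"upn": "d.surge@org.example", "type": "Emergency-Surge", "enabled": True,
     "created": "2024-03-01T08:00:00+00:00", "mfa_registered": True,
     "temp_password_changed": True, "expiry_extended": True, "departed": None},
    {"upn": "e.staff@org.example", "type": "Standard", "enabled": True,
     "created": "2022-01-10T08:00:00+00:00", "mfa_registered": False,
     "temp_password_changed": True, "expiry_extended": False, "departed": None},
    {"upn": "f.surge@org.example", "type": "Emergency-Surge", "enabled": False,
     "created": "2024-03-05T08:00:00+00:00", "mfa_registered": True,
     "temp_password_changed": True, "expiry_extended": False,
     "departed": "2024-06-01T09:00:00+00:00"},
]


def _parse(ts):
    """Parse an ISO 8601 timestamp, passing None through."""
    return datetime.fromisoformat(ts) if ts else None


def audit_surge_accounts(accounts, now):
    """Return [(upn, [issue, ...])] for enabled Emergency-Surge accounts."""
    findings = []
    for acct in accounts:
        # Only enabled surge accounts are in scope for this audit
        if acct["type"] != "Emergency-Surge" or not acct["enabled"]:
            continue
        issues = []
        if not acct["mfa_registered"]:
            issues.append("mfa-not-registered")
        if not acct["temp_password_changed"]:
            issues.append("temporary-password-unchanged")
        age = now - _parse(acct["created"])
        if age > ACCOUNT_EXPIRY and not acct["expiry_extended"]:
            issues.append("past-90-day-expiry")
        departed = _parse(acct["departed"])
        if departed is not None and now - departed > OFFBOARD_WINDOW:
            issues.append("enabled-after-departure")
        if issues:
            findings.append((acct["upn"], issues))
    return findings


if __name__ == "__main__":
    now = datetime(2024, 6, 15, 12, 0, tzinfo=timezone.utc)
    for upn, issues in audit_surge_accounts(SAMPLE_ACCOUNTS, now):
        print(f"{upn}: {', '.join(issues)}")
```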
Return infrastructure to baseline
Cloud resources:
- Remove emergency scaling configurations
- Delete temporary resources
- Review and remove emergency tags (after cost reporting complete)
- Conduct cost reconciliation against donor allocations
Equipment:
- Collect devices from departing staff
- Inspect, wipe, and refurbish for return to emergency stock
- Document any damaged or missing items
- Replenish consumables
Conduct lessons learned
Schedule review session within 30 days of scale-down completion. Participants: IT emergency team, Programme representatives, Finance.
Review topics:
- What worked well in IT surge response
- What caused delays or difficulties
- Resource gaps that should be pre-positioned
- Process improvements for future activations
- Technical debt requiring remediation
Document findings and update:
- Emergency kit contents
- Pre-positioning locations
- Provisioning templates
- This playbook
Checkpoint: Scale-down complete when:
- All emergency cloud resources removed or converted
- Devices returned to inventory or assigned permanently
- Temporary accounts closed or transitioned
- Cost reconciliation complete
- Lessons learned documented
- Exception remediation scheduled
Communications
| Stakeholder | Timing | Channel | Message owner | Template |
|---|---|---|---|---|
| IT emergency team | Immediate on activation | Emergency channel | IT Emergency Coordinator | Below |
| Leadership | Within 4 hours | Direct briefing | IT Emergency Coordinator | Below |
| All staff | Within 24 hours | Organisation-wide channel | Communications Lead | Below |
| Affected users | As relevant | Direct communication | User Services Lead | Context-specific |
| Donors | Per reporting requirements | Grant reporting | Finance Liaison | Donor-specific |
Communication templates
IT emergency team activation:
```
Subject: IT SURGE ACTIVATION - [Emergency ref]

IT Emergency Team,

Emergency IT activation has been authorised for [emergency name/ref].

Declaration level: [L2/L3]
Scope: [Geographic/programmatic scope]
Expected duration: [Timeline]
Initial briefing: [Time, location/link]

Immediate actions:
- Join emergency channel: [link]
- Review current capacity: [link to inventory]
- Clear calendar for initial assessment

IT Emergency Coordinator: [Name]
Contact: [Phone/message]
```
Leadership briefing (4-hour):
```
Subject: IT Surge Status - [Emergency ref] - [Date] [Time]

SITUATION
[Emergency description and IT implications]

IT SURGE STATUS
- Phase: [Current phase]
- Staff to provision: [Number]
- Locations requiring IT: [List]
- Timeline: [Key dates]

RESOURCE STATUS
- Devices: [Available/required]
- Licences: [Available/required]
- Budget: [Allocated/estimated cost]

KEY DECISIONS REQUIRED
[Any decisions needed from leadership]

RISKS AND ISSUES
[Current blockers or concerns]

NEXT UPDATE
[Time of next briefing]
```
All-staff notification:
```
Subject: IT Support for [Emergency name] Response

Colleagues,

IT is providing surge support for our [emergency name] response.

WHAT THIS MEANS FOR YOU
- If you are deploying: Contact [address] for device and account setup
- If you need additional access: Submit requests via [channel]
- For urgent IT issues: Contact [emergency support details]

RESPONSE TIMELINE
- New accounts: Created within [X] hours of HR confirmation
- Devices: Deployed within [X] hours where available
- Field connectivity: Coordinated with Logistics

CONTACTS
- IT Emergency Coordinator: [Name, contact]
- User support: [Contact details]
- Emergency support hours: [Times, timezone]

[Name]
IT Emergency Coordinator
```
Resource tracking
Maintain real-time visibility of emergency IT resources:
```
+--------------------------------------------------------------------------+
| EMERGENCY IT RESOURCE TRACKER                                            |
| Emergency: [ref]                      | Last Updated: [2026-01-24 16:33] |
+--------------------------------------------------------------------------+
|                                                                          |
|  PERSONNEL                                                               |
|  +--------------------------------------------------------------------+  |
|  | Surge staff: 45      | Provisioned: 38      | Pending: 7           |  |
|  +--------------------------------------------------------------------+  |
|                                                                          |
|  DEVICES                                                                 |
|  +--------------------------------------------------------------------+  |
|  | Pre-positioned: 23/40| Procured: 12         | In transit: 8        |  |
|  +--------------------------------------------------------------------+  |
|                                                                          |
|  CONNECTIVITY                                                            |
|  +--------------------------------------------------------------------+  |
|  | Sites active: 4      | Sites pending: 2     | Satellite deployed: 3|  |
|  +--------------------------------------------------------------------+  |
|                                                                          |
|  COSTS (USD)                                                             |
|  +----------------------+----------------------+----------------------+  |
|  | Budget: $65,000      | Spent: $43,200       | Committed: $15,400   |  |
|  +----------------------+----------------------+----------------------+  |
|  | Available: $6,400                                                  |  |
|  +--------------------------------------------------------------------+  |
|                                                                          |
+--------------------------------------------------------------------------+
```
Update this tracker at minimum daily during active surge, twice daily during Phase 2 and 3.
Post-emergency requirements
Following emergency conclusion:
Within 7 days:
- Complete cost reconciliation by donor allocation
- Submit final costs for grant reporting
- Document all exceptions with remediation requirements
Within 30 days:
- Complete lessons learned session
- Update emergency preparedness documentation
- Remediate critical technical debt
- Replenish emergency equipment stocks
Within 90 days:
- Complete all exception remediations
- Archive emergency documentation
- Update this playbook based on lessons learned
See also
- Emergency Staff Deployment for surge staff provisioning details
- Field Office Rapid Deployment for new field location IT setup
- Emergency Communications Setup for communications establishment
- Capacity Planning for standard capacity planning concepts
- User Onboarding for standard onboarding procedures
- IT Budgeting for cost management concepts