• June 4, 2020

After Action Review for IT Contingency Planning in Unprecedented Times

After Action Review for IT Contingency Planning in Unprecedented Times

After Action Review for IT Contingency Planning in Unprecedented Times 1024 702 Vantage Technology Consulting Group

One unique outcome of the COVID-19 global pandemic is that many of us got to test our contingency plans (BC/DR) firsthand with a very unique test case. Interestingly, this test was both in our professional lives as well as our personal lives. Business continuity planning is supposed to provide some sort of “failsafe” in these kinds of events to ensure that we have at least a baseline from which to operate. There are multiple tools that can assist in developing that plan[1].  Reviewing and reflecting on the reviews of multiple business continuity plans (BCPs), themes are revealed that can help us as we improve our plans for the new “not-normal.” There are three primary areas of BCP planning for education IT that are impacted:

  • Instructional continuity: Ensuring that the teaching and learning mission is carried out by continuing instruction remotely
  • IT infrastructure continuity: Ensuring that the underlying systems and networks that support instruction, collaboration, administration, and research are available
  • IT service continuity: Ensuring the services that IT provides, such as data storage, cloud services, and system access, are available and useful

An After Action Review (AAR) is a method of looking at the results of any activity by having the participants reflect on and review what was planned, what actually happened, and what could be improved next time around. Recording the lessons learned supports continual improvement in technology services that are relied upon by the institution. At its highest level the AAR is a great tool for continuous improvement[2].  Doing an AAR for the response to the pandemic should be done because it is likely not well represented as a scenario in most BC/DR plans.

Most if not all of our contingency planning could not have predicted the full extent of what we are currently dealing with. Understanding what occurred and our response in hindsight provides value and context in reviewing the process. As this review unfolds we can begin to develop the next set of plans as well as course correct while in the midst of this response. In addition, this also helps identify opportunities to improve daily operations and additional methods for mitigation for future events.

While we are still reeling from the effects of the COVID-19 pandemic, doing a self assessment of your response is important to ensure that your contingency plans improve and stay as current as possible.  It will also keep you and your team in alignment with the institution you serve as they react to the crisis.

AAR Workbook

Below is a link to an Excel workbook that contains a brief set of self-assessment questions for you to review with your leadership teams. The workbook is composed of core questions to ask yourself and then provides a means to capture the perceived performance of the plan and develop a prioritized remediation plan as a follow up.

Appreciative Inquiry

These kinds of events have the power to either tear teams apart or bring them together.  Use this opportunity to build a stronger leadership team while supporting the need to look past current events and plan for the future. This exercise can be key for both your organizational health as well as the personal mental health of you and your team.

We suggest working through the workbook using the Appreciative Inquiry model with your team. Appreciative Inquiry (AI)[3] was developed by David Cooperrider and others in the late 1980s[4]. AI shifts the paradigm from a focus on problems to a “possibility” focus as to how organizations and leaders can approach the future they are trying to build. AI is used in strategic planning, team development, coaching, organization development, and research.

Steps for Facilitators

In addition to AI, use the following guidelines for conducting this exercise:

  • Create your own copies of the workbook and share among your team to fill out individually.
  • Give a timeline for their completion, and schedule significant time (that can be spared) to go over the results as a group.
  • Identify areas for improvement (gaps) while also identifying areas that were successful. Success should be defined as areas that you did the best you could given the circumstances. Don’t be overly harsh but focus on growth and learning.
  • Develop a remediation plan to address the most important gaps when you are able and work it into the overall annual IT plan.
  • As a leader, communicate these results and the remediation plan amongst all of your staff wide and far.
  • Gather the results and put them into a document or presentation that could be used to share with leadership, colleagues, and audit. Make sure it addresses how the plan worked, lessons learned, and items to update or change.
  • Consider sharing the results (or a subset) with colleagues across and up your organization to reinforce that IT is in it to support the organization and that the team is aligned and willing to pivot as needed to meet their needs.

Other Questions to Consider

There are many things that won’t be completed, or that will be completed less thoroughly than what you would have liked. Capturing that information to further drive the improvements you seek is highly important. To help spur your imagination, consider the following questions and gauge you and your team’s responses. They are also provided in the workbook for reference:

  • How many software packages does it take to accomplish the same thing? Is there an opportunity to select one and reduce the resources used to deliver the service?
  • Review your software licenses. What functionality can still be accommodated by “free” versions and what will need to be upgraded?
  • What areas of instructional continuity need to be improved? Consider delivery or resources, access to resources, use of resources, student engagement, and faculty engagement.
  • What services were moved immediately to the cloud during the pandemic? What other services should be moved to the cloud now or in the near future? Were these changes tracked?[5]
  • What security policies were suspended temporarily? Were they reinstated?
  • What services were surprisingly quiet (meaning they didn’t really get that much use)?
  • If you stagger a return of your workers how much actual space do you need?
  • What areas of improvement can occur to save money? Are there business processes that are no longer needed or don’t add value?[6]
  • Develop a financial recovery plan. Have you planned for at least two fiscal years with multiple scenarios modeled?

The reality is that taking the time to complete this exercise can be a little daunting, and this certainly applies to conducting an AAR with so many resources constrained. Having an experienced pair of hands to help guide you will usually help you move along more quickly than working on your own. However, it is important that the person assisting you works collaboratively with you and not for you so that, when the after action review is complete, your organization feels it has complete ownership of all that has been achieved.


[1] http://nacubo.org/Topics/COVID-19/COVID-19-Checklists/Business-Continuity-Planning

[2] Action Review: Continuous Improvement Made Easy, Artie Mahal,Technics Publications, 2018.

[3] Cooperrider, D. and Whitney, D. D. Appreciative Inquiry: A Positive Revolution in Change. Berrett-Koehler Publishers, 2005.

[4] Cooperrider’s 1987 article Appreciative Inquiry Into Organizational Life (with Suresh Srivastva) introduced the concept of appreciative inquiry.

[5] Refer to Cathy Bates’ blog post “Thinking about Change Control Documentation” https://www.vantagetcg.com/cio-strategic-minute-thinking-about-change-control-documentation/

[6] “The 25% Plan” by Cathy Bates is a great simplified way to approach this. https://www.vantagetcg.com/the-25-plan/

This post was authored by Consultant Matt Morton, who advises clients on information security, IT management, organizational development, and strategic technology architecture.