Suggestions for organizational "open after my death" boxes?
May 21, 2019 9:29 AM Subscribe
I work in a small organization whose director recently died suddenly and completely unexpectedly at a relatively young age. He didn't have an administrative assistant, so we'll be facing the task of figuring out how he organized his files and digital resources, and how he handled all of the things he handled. It's underlining our lack of a good organizational system whereby all employees document everything that would be necessary for someone to step into their role and handle their tasks, and stores the documentation where people can find it.
The system would need to have some level of security such that confidential material (passwords, etc.) could not be accessed except in a defined emergency such as death or incapacity. What's out there, either as product or set of procedures, that we should consider?
The system would need to have some level of security such that confidential material (passwords, etc.) could not be accessed except in a defined emergency such as death or incapacity. What's out there, either as product or set of procedures, that we should consider?
Best answer: There are a few key components here. The first is an organizational system, which can be helped with good knowledge management or even just document management practices. Make everyone store their materials on a centralized system with file names and file structures being the same across all parts of the organization. The more someone has on his/her personal laptop (or filing cabinets, for paper systems), the more complexity you're going to add to the system.
Password, access management should be centralized by someone who is trusted with your systems and the contents within, so that the appropriate people can gain access in the event of an exit, accident, or death.
As mandolin conspiracy mentioned, Business Continuity Planning takes care of a lot of this, but even in situations where you're dealing with known exits, known outages, and known issues, you should all be speaking the same language, as it were, when it comes to how everyone in the organization...organizes.
posted by xingcat at 9:47 AM on May 21, 2019 [1 favorite]
Password, access management should be centralized by someone who is trusted with your systems and the contents within, so that the appropriate people can gain access in the event of an exit, accident, or death.
As mandolin conspiracy mentioned, Business Continuity Planning takes care of a lot of this, but even in situations where you're dealing with known exits, known outages, and known issues, you should all be speaking the same language, as it were, when it comes to how everyone in the organization...organizes.
posted by xingcat at 9:47 AM on May 21, 2019 [1 favorite]
Best answer: My organization has a lot of turn-over in our support staff (as we are primarily contract employees). We may not be as small as you (about 50 staff)
They have instituted a number of organizational policies that I really like, as someone who has had to step into someone's else's position:
As noted above, we store our important project documents on a central server (we're very project oriented), with a standardized sub-folder organization:
- our files are all organized by project number (much clearer than a name, as those can be repetitive/overlapping)
- all project folders have a standard sub-folder organization for the related files - this means that for any given project, files will be organized in similar places
- we also separate confidential & non-confidential files on two different servers, both organized by project number. So the working & administrative files (usually non-confidential) will be filed on one server under something like "123_SesameStreet", and the confidential files will be on the other server also under "123_SesameStreet". This helps control access to the confidential files, while still being really clear on where everything is.
We have a small central "Operations" team who keeps central records:
- our projects will have information about funding and ethics which are not confidential, but often (at other institutions) left to individual project coordinators to handle. But here, we file copies of all important information (e.g. grant applications & awards, ethics applications & approvals) with a central operations person
- this person also oversees the file organization, ensures that there is standardization in file storage, and has the authority to access the confidential information if necessary
At a more personal level: I have also borrowed from scientific examples and used tools like creating "Standard Operating Procedures" (SOP) documents. These can describe a process (e.g. how to correctly update X database), or contain information (contacts, important account/file numbers). The idea is that if you left suddenly, someone should be able to pick up the SOP and continue to run the clinical trial/update the database/know who to call for this grant information.
posted by jb at 9:49 AM on May 21, 2019 [5 favorites]
They have instituted a number of organizational policies that I really like, as someone who has had to step into someone's else's position:
As noted above, we store our important project documents on a central server (we're very project oriented), with a standardized sub-folder organization:
- our files are all organized by project number (much clearer than a name, as those can be repetitive/overlapping)
- all project folders have a standard sub-folder organization for the related files - this means that for any given project, files will be organized in similar places
- we also separate confidential & non-confidential files on two different servers, both organized by project number. So the working & administrative files (usually non-confidential) will be filed on one server under something like "123_SesameStreet", and the confidential files will be on the other server also under "123_SesameStreet". This helps control access to the confidential files, while still being really clear on where everything is.
We have a small central "Operations" team who keeps central records:
- our projects will have information about funding and ethics which are not confidential, but often (at other institutions) left to individual project coordinators to handle. But here, we file copies of all important information (e.g. grant applications & awards, ethics applications & approvals) with a central operations person
- this person also oversees the file organization, ensures that there is standardization in file storage, and has the authority to access the confidential information if necessary
At a more personal level: I have also borrowed from scientific examples and used tools like creating "Standard Operating Procedures" (SOP) documents. These can describe a process (e.g. how to correctly update X database), or contain information (contacts, important account/file numbers). The idea is that if you left suddenly, someone should be able to pick up the SOP and continue to run the clinical trial/update the database/know who to call for this grant information.
posted by jb at 9:49 AM on May 21, 2019 [5 favorites]
This also makes your people much more replaceable. Don't forget to reassure your people that they're not being replaced, unless they are, and you're trying to keep them relaxed and writing up their SOPs before the chop.
posted by turkeybrain at 11:31 AM on May 21, 2019 [2 favorites]
posted by turkeybrain at 11:31 AM on May 21, 2019 [2 favorites]
Response by poster: Thanks, all. Centralized documentation will be more feasible for my organization than completely centralized project storage as different sub-departments operate in quite different ways. (We have design/editorial departments who keep all their material in the same place on a networked server, but our pair of programmers/techies use Subversion or Git repositories, etc.)
What is a good technical solution for storing master passwords/authentication information? I can think of lots of possibilities, from having people provide printouts in sealed envelopes that are stored redundantly in secure locations, to encrypted files ditto, but there are obvious tradeoffs between convenience and security/safety.
posted by Creosote at 5:11 PM on May 21, 2019
What is a good technical solution for storing master passwords/authentication information? I can think of lots of possibilities, from having people provide printouts in sealed envelopes that are stored redundantly in secure locations, to encrypted files ditto, but there are obvious tradeoffs between convenience and security/safety.
posted by Creosote at 5:11 PM on May 21, 2019
Best answer: After reading various Asks on this website, I've settled on 1Password as a password recovery system for me and my family. They have this nice emergency recovery kit that you can print out with your master password and your secret code. You can then store this piece of paper in a safe-deposit box to be opened after your death, and it will give access to your 1Password account (and thus to all the passwords in there). It can also be segmented into "work" passwords and "home" passwords so that the emergency recovery kit would only recover one set of passwords.
Alternatively, since the secret code is something like 36 characters long, the CEO could give the first twelve characters to one person, the second twelve to another, and the third twelve to an attorney, so that in case of CEO death or incapacitation the entire code could be reconstructed.
(A nice feature of this kind of password recovery system is that the user can still change their email/bank/credit card/vendor/etc passwords every six months, and these are all stored and updated on 1Password and so are all unlocked by the master password and secret code.)
posted by fuzzy.little.sock at 12:14 PM on May 22, 2019 [2 favorites]
Alternatively, since the secret code is something like 36 characters long, the CEO could give the first twelve characters to one person, the second twelve to another, and the third twelve to an attorney, so that in case of CEO death or incapacitation the entire code could be reconstructed.
(A nice feature of this kind of password recovery system is that the user can still change their email/bank/credit card/vendor/etc passwords every six months, and these are all stored and updated on 1Password and so are all unlocked by the master password and secret code.)
posted by fuzzy.little.sock at 12:14 PM on May 22, 2019 [2 favorites]
« Older How do I make this font work on my PC? | I don’t play video games, but now I wish I did.... Newer »
This thread is closed to new comments.
A good plan takes into account things like what you've just experienced along with other scenarios (natural disasters or public emergencies where people can't get to the office, thefts of critical documents or records, the office burns down, etc.), or more minor things (the power is out for part of a day or your ISP has some kind of temporary hiccup).
posted by mandolin conspiracy at 9:44 AM on May 21, 2019 [4 favorites]