IT Emergency Plan for Swiss SMEs: Template and Checklist
An IT outage costs Swiss SMEs an average of CHF 8,000 per hour. With a structured IT emergency plan, you reduce downtime and protect your company from the worst.
Solution Engineer
IT Emergency Plan for Swiss SMEs: Template and Checklist
CHF 8,000 per hour — that's the average cost of an unplanned IT outage for a Swiss SME. Ransomware, server crash, power failure: if you don't have an IT emergency plan at that critical moment, you lose not only money but also your customers' trust.
TL;DR
- An IT emergency plan (also called Business Continuity Plan) defines who does what when critical systems fail.
- Swiss SMEs need at least a one-page emergency plan with contact lists, recovery objectives, and clear responsibilities.
- Implementation costs between CHF 2,000 and CHF 15,000 depending on company size.
- Without a plan, recovery typically takes 3× longer than with a documented process.
What is an IT Emergency Plan — and why do SMEs urgently need one?
An IT Emergency Plan is a documented procedure that defines how a company responds to IT outages, restores critical systems, and maintains operations. It is the operational core of a Business Continuity Plan (BCP) — the overall strategy by which a company ensures its operations even in a crisis.
📊 60% of Swiss SMEs without an emergency plan cease operations within 6 months of a serious IT incident. Source: Schweizerische Mobiliar / SME Study 2023
The risk is particularly real for SMEs in Switzerland: according to the National Cybersecurity Center (NCSC), the number of reported cyberattacks on SMEs doubled between 2021 and 2023.
⚠️ Important: An IT emergency plan is not the same as a backup strategy. Backups are a tool — the emergency plan describes who uses that tool, when, and how.
What content must an IT emergency plan for SMEs include?
An effective IT emergency plan for Swiss SMEs must contain at least six core elements — from risk analysis to communication strategy.
Comparison of mandatory components
| Element | Minimal version | Recommended version |
|---|---|---|
| Emergency contacts | 1 internal list | Internal + external providers + authorities |
| Risk analysis | Top 3 scenarios | Complete Business Impact Analysis |
| Recovery objectives (RTO/RPO) | Per core system | Per application and data class |
| Recovery steps | Key points | Detailed step-by-step instructions |
| Communication plan | Internal information | Internal + customers + media |
| Test protocol | 1× annually | 2× annually + after every incident |
💡 Tip: For each critical system, define two metrics: RTO (Recovery Time Objective = maximum downtime) and RPO (Recovery Point Objective = maximum acceptable data loss). For an ERP system at a retail SME, RTO = 4 hours and RPO = 1 hour would be typical.
How do you create an IT emergency plan in 6 steps?
With this guide, create a practical IT emergency plan for Swiss SMEs — even without a dedicated IT security team.
-
Identify critical systems — List all IT systems your operations cannot function without: ERP, email, webshop, accounting, production control. Prioritize by business criticality.
-
Define risk scenarios — Set the three most likely outage scenarios: ransomware attack, hardware failure, human error. You need a separate response path for each scenario.
-
Set RTO and RPO — Decide with management how long each system can be down at most and how much data loss is acceptable. These objectives determine your backup strategy.
-
Assign responsibilities — Each measure needs exactly one responsible person — not a department. Create a RACI matrix (Responsible, Accountable, Consulted, Informed).
-
Document emergency contacts — Store all relevant contacts outside the affected system — on paper or in a cloud application independent of company IT.
-
Test and train — Conduct at least one emergency drill per year. Simulate a complete system failure and measure actual recovery time.
🚨 Warning: An emergency plan that exists only as a PDF on the company server is useless in an actual crisis — precisely when the server is unreachable. Print it and store it in two physically separate locations.
Which checklist helps you get started?
This quick-start checklist shows where your company stands today:
- Critical IT systems are documented and prioritized
- RTO and RPO are defined for all core systems
- Backup strategy follows the 3-2-1 rule (3 copies, 2 media, 1 offsite)
- Emergency contact list exists outside company IT
- Responsibilities are assigned to names (not roles)
- Communication plan for customers and partners exists
- Last test of emergency plan is less than 12 months old
- External IT service providers know the plan and their role in it
ℹ️ Note: The Federal Office for Economic Supply in Case of Crisis (OFAC) offers free templates and guides for SME business continuity — available at ofac.admin.ch.
Conclusion: Next steps for your IT emergency plan
An IT emergency plan for your SME doesn't need to be perfect — it needs to exist and be current. Start with your three most critical systems, assign responsibilities, and test the plan within 90 days.
The biggest investment is not the budget but the time of the right people: management, IT staff, and external providers must sit at the same table.
On IT-Provider.ch, find over 200 verified Swiss providers who help SMEs create IT emergency plans and business continuity concepts — with transparent pricing and verified customer ratings.
Frequently asked questions about IT emergency plans for Swiss SMEs
How much does an IT emergency plan cost for an SME in Switzerland?
Costs range from CHF 2,000 (simple document with external consulting) to CHF 15,000 for complete Business Continuity implementation including tests. Many IT service providers offer entry packages starting at CHF 990.
How often must an IT emergency plan be updated?
At least once a year, plus after any significant incident, after major system changes, or if business structure changes. Quarterly review of contact lists is recommended.
What's the difference between an IT emergency plan and a Business Continuity Plan?
The IT emergency plan focuses on technical system recovery. The Business Continuity Plan (BCP) is broader: it also covers staff failures, site issues, and supply chain disruptions. The IT emergency plan is a component of the BCP.
Is an IT emergency plan legally required?
In Switzerland, there is no explicit legal requirement for SMEs. However, the revised Data Protection Act (revDPA) and industry-specific regulations (e.g., Finma for financial service providers) require verifiable data security and business continuity measures.
Can an SME create its own IT emergency plan?
Yes — for simple companies with fewer than 20 employees, a self-created plan is often sufficient. For more complex environments, one-time support from an external IT specialist is recommended, who then transfers knowledge and templates to you.
