TL;DR: When a cyber incident or major IT failure occurs, the last thing you want to be doing is searching for your IT provider’s phone number or trying to remember your insurance policy number. This template captures all the critical information in one place — to be printed, completed, and stored in a physical location that is accessible when your systems are down.
The Problem This Template Solves
Every IT incident response plan contains the same instruction: “Contact your IT provider immediately.” And every IT provider who has responded to a major incident has the same experience: the client cannot find their phone number, cannot remember which insurance company they are with, does not know the policy number, and in some cases cannot identify who their ISP is.
This is not a failure of intelligence. It is a failure of preparation. When systems are down and stress is high, people cannot find information they rely on digital tools to store — and the digital tools are exactly what is unavailable.
The Emergency IT Contact Card is a physical document. It is printed, completed with actual contact details, and stored somewhere accessible without a computer. The server room, the reception desk, the IT manager’s desk drawer, and the managing director’s office are all appropriate locations.
It should be updated whenever any of the information changes.
Emergency IT Contact Card Template
Print this template. Complete every field. Store printed copies in at least two physical locations.
[COMPANY NAME] EMERGENCY IT CONTACT CARD
Last updated: _______________ Updated by: _______________
PART 1: IT SUPPORT
Primary IT Support Provider / Managed IT Provider:
| Field | Details |
|---|---|
| Company name | |
| Main phone (business hours) | |
| Emergency phone (after hours) | |
| Support email | |
| Support portal URL | |
| Account manager name | |
| Account manager mobile | |
| Emergency escalation contact |
What triggers a call to IT:
- Any suspected ransomware or malware
- Any system or server failure
- Any suspected account compromise
- Any lost or stolen device
- Any email that appears to have come from your company that you did not send
- Any suspicious activity in Microsoft 365 admin centre
- Internet outage (if ISP cannot resolve within 2 hours)
PART 2: CYBER INSURANCE
Do not delay calling your insurer — most policies require notification within 24–72 hours of discovery of an incident.
| Field | Details |
|---|---|
| Insurance company | |
| Policy number | |
| Claims phone (24-hour) | |
| Claims email | |
| Broker company | |
| Broker contact name | |
| Broker phone | |
| Policy renewal date | |
| What the policy covers (brief) |
When to call your insurer:
- Any ransomware attack
- Any data breach involving personal information
- Any fraud or BEC incident involving financial loss
- Any incident where client data may have been compromised
- Before engaging any third-party incident response firm (insurer may have preferred providers)
PART 3: INTERNET AND CONNECTIVITY
Primary Internet Service Provider:
| Field | Details |
|---|---|
| Provider name | |
| Account number | |
| Service type (NBN/Fibre/4G) | |
| Fault reporting phone | |
| Account management phone | |
| Support reference/PIN | |
| Expected repair time (SLA) |
Failover Connection (if applicable):
| Field | Details |
|---|---|
| Provider name | |
| Service type | |
| SIM number (if 4G) | |
| APN settings | |
| How to activate failover |
What to report when calling ISP:
- Your account number
- The service address
- When the fault started
- What you have already checked (router restart, modem lights)
PART 4: PHONE SYSTEM
| Field | Details |
|---|---|
| Phone system type | PBX on-premise / Cloud VoIP / Teams Phone |
| Provider | |
| Support phone | |
| Account number | |
| Admin portal URL | |
| Admin login (store securely — not on this card) |
If the phone system fails:
- Main number to divert calls to: _______________
- Backup contact method for urgent client calls: _______________
PART 5: MICROSOFT 365
| Field | Details |
|---|---|
| Tenant name / domain | |
| Global Admin account username | |
| Microsoft 365 admin centre URL | admin.microsoft.com |
| Microsoft support phone | |
| Microsoft account ID |
Emergency Global Admin credentials: Store in a sealed envelope in the IT room — NOT on this printed card.
Where emergency credentials are stored: _______________
Who has access to emergency credentials:
PART 6: DOMAIN AND DNS
| Field | Details |
|---|---|
| Domain registrar | |
| Domain registrar login (store securely) | |
| Domain registrar support phone | |
| DNS provider (if different from registrar) | |
| Primary domain name | |
| All other domain names |
Why this matters: If your email stops working, you may need to change DNS records. If your website goes down, you may need to change DNS. Domain registrar access is critical.
PART 7: BACKUP AND RECOVERY
| Field | Details |
|---|---|
| Backup software | |
| Backup vendor support phone | |
| Backup portal URL | |
| Backup storage location | |
| Last successful backup date/time | (check weekly and update) |
| Estimated recovery time (full) | |
| Who can initiate a restore |
Recovery procedure summary:
- Call IT provider (Part 1)
- Do not restore to a system that may still be infected — confirm clean environment first
- Restore from most recent verified backup
- Test restored data before bringing systems live
PART 8: KEY INTERNAL CONTACTS
| Role | Name | Mobile |
|---|---|---|
| Managing Director / CEO | ||
| IT Manager / IT Coordinator | ||
| Finance Manager | ||
| Operations Manager | ||
| HR Manager |
PART 9: REGULATORY CONTACTS
For incidents involving personal information that may require notification:
| Body | Contact |
|---|---|
| OAIC (Office of the Australian Information Commissioner) | 1300 363 992 |
| ACSC (Australian Cyber Security Centre) | 1300 CYBER1 (1300 292 371) |
| Australian Federal Police (cybercrime) | ReportCyber: cyber.gov.au/report |
| Police (for theft or fraud) | 000 (emergency) / 131 444 (non-emergency) |
When to notify OAIC: If personal information of Australian individuals may have been accessed and the breach is likely to result in serious harm — this is a legal obligation under the Privacy Act 1988 (Notifiable Data Breaches scheme).
When to contact ACSC: The ACSC provides free assistance to Australian businesses experiencing cyber incidents. You do not need to wait to confirm an incident before calling — they can help you assess the situation.
PART 10: FIRST 15 MINUTES CHECKLIST
If you discover what appears to be a cyber incident:
- Call IT immediately — use the number in Part 1 above
- Do not turn off affected computers unless IT instructs you to (forensic evidence may be lost)
- Disconnect affected computers from the network — unplug ethernet, turn off Wi-Fi
- Do not attempt to remove ransomware yourself
- Do not pay any ransom without professional advice
- Call your insurance company — use the number in Part 2 above
- Preserve evidence — take photos of error messages, ransom notes, or unusual screens
- Contact your legal counsel — communications during an incident may be privileged
Maintaining This Card
This card is only useful if it is current. Review and update:
- After any staff change that affects the contacts listed
- After any IT provider change
- After any insurance renewal
- After any change to internet service provider or phone system
- At minimum, once per year (add to Annual IT Maintenance Calendar)
Storage: Print at least three copies:
- IT server room / communications room
- Managing Director’s office or desk drawer
- Finance manager or operations manager’s desk
For the full incident response procedure, see Cyber Breach Response Playbook.
For staff-facing quick reference, see Cyber Security Quick Reference Card.
If you would like CX IT Services to fill in the relevant sections of this card as your IT provider, book a Right Fit Call.