Library Incident Response Plan: One-Page Tech Outage Checklist

Library Incident Response Plan: The One-Page “One Bad Day” Checklist for Public Libraries

Libraries don’t get to schedule emergencies. Your internet drops during the after-school rush. Staff can’t log in mid-checkout. Printing fails when patrons need it most. A security pop-up appears on a public computer, and everyone freezes. This post gives you a library incident response plan you can put in place quickly: a one-page checklist that helps staff respond calmly, reduce downtime, and protect patron trust—without needing anyone to “be the IT person.”

What is a library incident response plan?

A library incident response plan is a simple, repeatable set of steps your team follows when technology fails or when you suspect a security issue (like phishing or malware). The goal isn’t perfection. The goal is predictability—so your library can keep serving people even on a rough day.

A good plan does three things fast:

  • Reduces panic (staff know what to do first)
  • Reduces downtime (the right person gets called quickly)
  • Protects trust (patrons see calm competence, not confusion)

The 5-minute rule: What staff should do first

When something breaks, well-meaning people start clicking around. That’s how small issues turn into big ones.

Use this “first 5 minutes” response in your library incident response plan:

First 5 minutes: Do this

  • Confirm the scope: Is it one device, one room, or the whole building?
  • Capture the facts: What stopped working, what error message appeared, and the time it started.
  • Try one approved restart only: for example, a printer or a public PC, and only if it’s on your approved list.
  • Escalate quickly: Contact the designated “First Call” (below).

First 5 minutes: Do NOT do this

  • Don’t install “fix-it” tools or click “clean computer” pop-ups
  • Don’t enter credentials into unexpected prompts
  • Don’t keep trying passwords repeatedly (it can lock accounts)
  • Don’t reset network equipment unless IT explicitly instructs you to

Step 1: Create your “First Call / Second Call” contact path

When systems go down, staff either call the wrong person… or call everyone.

Decide this ahead of time:

  • First Call: name + phone + email
  • Second Call: backup name + phone + email
  • After-hours process: what to do during evening programs or weekends
  • When to call the internet provider vs. IT support: a simple rule of thumb

Put this in a location staff can actually find under stress—and keep it updated.

Step 2: Choose a one-sentence message staff can say to patrons

Patrons don’t need a technical explanation. They need confidence.

Use a calm, consistent script:

“Our system is temporarily down. We’re working on it and will update you as soon as service is restored. Thanks for your patience.”

This prevents guessing, oversharing, and accidental misinformation.

Step 3: Decide what to restore first

When everything feels broken, priorities matter.

Pick your top three “restore first” services, such as:

  1. Circulation / checkout
  2. Public internet / Wi-Fi
  3. Printing

Your incident response plan should make it easier for IT support to focus on what keeps the building functional.

Step 4: Add “stop the spread” steps for security situations

Not every incident is an outage. Some are security events.

If anything looks suspicious—phishing, malware, unexpected pop-ups—your plan should default to containment:

  • Stop and report immediately (don’t investigate)
  • Do not enter passwords into pop-ups or unexpected prompts
  • Preserve the details (screenshot or write down the message)
  • Follow IT instructions for disconnecting the device/network if needed

The goal is containment, not heroics.

For a practical, step-by-step checklist that complements your library incident response plan, CISA’s Ransomware Response Checklist is a solid reference for what to do from detection through containment and recovery.

Download: One-Page Library Incident Response Checklist (PDF)

To make this easy to implement, we put the full plan into a printable one-pager your staff can use under pressure.

Download the PDF: Library Incident Response Plan — One-Page Checklist

Print it, fill in your contacts, and keep it somewhere predictable.

The small habit that prevents big headaches: stop shared logins

If staff share accounts “just to get through the day,” write that down as a risk.

Shared logins create two problems:

  • Troubleshooting becomes harder (you can’t tell what happened)
  • Security risk increases (one compromised login affects more systems)

You don’t have to fix it overnight—but your incident response plan should flag it as a priority.

Make this a February tradition

February is perfect for this because it’s before spring chaos, summer reading prep, and the “why is the Wi-Fi like this?” season.

Your goal is simple: fewer surprises.

A quick win you can do today

Block 15 minutes this week. Download the one-pager, fill in your contact path and restore priorities, and ask one staff member:

“If our internet went down right now, what would you do first?”

If the answer is “I’m not sure,” you just found your easiest improvement of the month.


FAQ: Library Incident Response

What should a library do first during an IT outage?

Confirm scope, document the time and error message, try only an approved restart if applicable, and contact the designated First Call immediately.

What belongs on a one-page library incident response plan?

Contacts (IT, ISP, key vendors), first 5-minute steps, what not to do, patron communication script, restore priorities, and where secure credentials are stored (location only).

How often should a library review its incident response plan?

At least twice a year, and after any major incident or technology change (new ISP, new devices, system migration).

Do small libraries really need an incident response plan?

Yes—smaller teams often have more single points of failure. A one-page plan reduces stress and speeds recovery.


About AVC Technology: AVC Technology helps Indiana libraries reduce downtime, improve security, and build practical processes staff can follow—without adding stress to your day.