Do you know how Merriam-Webster defines vacation?
Believe it or not – this is what it says:
– A period of time that a person spends away from home, school, or business usually in order to relax or travel
– The number of days or hours per year for which an employer agrees to pay workers while they are not working
In this connected digital age, things certainly seemed to have changed.
As Elon Musk once said, “I’d like to dial it back 5% or 10% and try to have a vacation that’s not just email with a view.”
Stand up. Pause. Take a deep breath. Say aloud so you can hear yourself, “I really deserve a vacation!”
Doesn’t that feel good?
Now you can sit.
So let’s start getting you ready for your vacation. I’ve come up with a number of to-dos, which may fit your style, your industry, your organization, or your priorities. If they don’t fit, feel free to modify the list. They’re in no special order. Main thing is: getting ready is so crucial for you to make sure that, when you’re not around, your organization is prepared to run with processes and procedures you’ve already implemented.
1.Meet with all your direct managers one-on-one
Get the list of their projects and project plans for at least the period you will be out – and discuss timelines, deliverables, dependencies, resources, and challenges. Of course, you’re already doing this on a regular basis – but this should be a bit more focused towards the time you will be out.
**Pay particular attention to deliverables and areas of potential delays.
2.Get up to date metrics
I am sure you’re also doing this on a regular basis – collecting all kinds of numbers for your national and international priorities – and transposing them into business terms. If all your reported metrics are not already feeding into a CISO Dashboard, then it’s something you need to pencil in on your to do list to get done when you get back. But, either way, you should take a closer look at the metrics before you go on vacation to make sure you understand the dimensions of the issues and challenges facing the organization and that they will continue to be addressed or resolved during your absence.
**Pay particular attention to the high risks, threat assessments, and scheduled audits.
3.Review RACI matrix of team responsibilities
A RACI matrix is essential for everyone to fully understand roles in tasks and deliverables – especially those responsible and accountable. This is a basic tool that is commonly missing in many organizations and as such leads to a lot of finger pointing. You may not have this fully developed and implemented – but if you do, kudos to you.
**Pay particular attention to those tasks and deliverables, for the time you will be out, that could lead to responsibility and accountability challenges.
4.Review your Budget
Spend some time on this. Make sure the numbers make sense – especially if you have any deliverables or challenges during your absence. If you have a financial analyst, that’s great. If you have project management well laid out, kudos to you again. However, it’s up to you to make sure you prepare an adequate budget forecasting. Frequent budget oversight will prevent budget overruns. So run through this one more time before you leave.
**Pay particular attention to those projects that may have scope creep or resource issues that could present budget nightmares if left alone for too long.
5.Review the time off schedule of your staff
Most of your managers may already have their own methods in tracking time-off for their employees. But it’s very important that your entire InfoSec group have a single place, like a SharePoint site, where everyone under you can easily see a calendar displaying who’s out and when. It’s so important that there be ample coverage, especially during your absence so that business support and projects doesn’t suffer – and your reputation too!
**Pay particular attention to coverage issues or challenges and address those as quickly as possible.
6.It’s time to email your Out of Office Notification
Make sure you notify your team, senior management, the Board, business partners, and stakeholders at least a week prior to you being out. This way you will avoid (to a large extent) any last moment fire drills. You will have a chance to implement proper delegation and easy transfer of responsibilities to your designee(s) whilst you’re out. Of course, you will set your Out of Office email notification that spells out who’s standing in for you and for what area(s).
**Pay particular attention to the responsibilities and accountabilities for your appointed designees.
7.How they can reach you. How you can reach them.
Once you get your vacation plans whirring, this is one thing you will quickly forget. Don’t depend on the assumption that all the contact information will be in your Blackberry or some online list. Be cautious enough to get it on paper. Take the paper with you and don’t lose it.
**Pay particular attention to write down key contact information and also be willing to share your contact information with a few key individuals as you see fit.
8.Need to seriously review your Incident Management process
Here’s hoping you have an Incident Management process well in place – well documented, tested, and reviewed on a regular basis. If you do, a high five! If you don’t, make a calendar entry to address that when you get back. You don’t want to be out and no one on your team really knows what steps to take, who to get involved, timeline, chain of custody, etc. In the absence of thorough incident management procedures, a major incident during your absence can, not only ruin your vacation, but also can start the downward spiral of your passion, your reputation, and perhaps even your career!
**Pay particular attention to the people and the steps around this process. Meet with the incident management team, whether it is a separate team or a collection of individuals, to review the process.
Reschedule or cancel those meetings you can do without before your vacation. Same with meetings during your vacation. For the important meetings scheduled during your vacation, make sure you appoint appropriate designee(s). It’s also important to block off time on your calendar, if you can, for a couple of days when you return allowing you to catch up. You may even want to schedule one-on-ones with some of your managers during this time to help you catch up – better than reading several hundred emails!
**Pay particular attention to meetings with auditors, regulators, critical business partners, senior management, and board members.
10.Get all of the above on your calendar!
It’s nice to have a checklist. But you need to make all of the above (or those you feel are necessary) into actionable items. Get them on your calendar ASAP.
**Pay particular attention to the most important items and schedule those first in case you need follow-ups.
11.Ready, set, go! Enjoy your vacation!
Don’t forget the sunscreen, your digital books and magazines, sunglasses, camera, converters, extra batteries for all your essential toys, appropriate clothing, adequate storage for all your photos and videos. Most of all, please review all the do’s and don’ts, not only regarding information security, but also very much so for the area(s) you will be traveling to.
**Pay particular attention to note to spend extra time doing the things you truly love!
Just make sure you prepare well for your vacation – so work interruptions are kept to a minimum: not only for you, but also for the lovely company you plan to be with! Your fun in the sun may well depend on how well you prepare for your vacation.
Now you can shout aloud for everyone to hear – “I really deserve a vacation!”