What’s the difference between “urgent” and “emergency” for IT support?

Emergency means business-down, active security risk, or ongoing/likely data loss. Urgent means important but limited scope (one user, one device) or there’s a workable workaround until business hours.

Should you always dispatch on-site for a server or network outage?

No. Start remote first to confirm what’s actually down (ISP vs firewall vs DNS vs a single switch). Dispatch on-site when hardware/power/ISP handoff requires hands or remote steps aren’t possible.

How do you handle callers who refuse emergency pricing?

Stay calm and give two options: after-hours emergency at the emergency rate, or schedule the first available business-hours slot at the normal $100–$200/hour rate. Document their choice in the ticket.

What questions catch most “false emergencies” fast?

Ask: “How many users are affected?” and “What system is down?” Then ask: “Can anyone else log in/send email/take payments?” If it’s one person and others work, it’s usually not an emergency.

What should you do first if ransomware is suspected?

Containment before cleanup: isolate the affected machine/network segment, disable suspicious accounts, block outbound traffic if needed, and preserve logs/screenshots. Then start incident response triage and confirm backups/restore options.

How do you keep from missing after-hours emergency calls when you’re already on another job?

Use an on-call rotation with a 10-minute callback standard and a clear escalation list. If you can’t answer phones consistently, use a 24/7 answering layer that collects triage info and instantly routes emergencies to the on-call tech.

Emergency Call Protocol

Emergency Call Protocol for IT Companies

When an “IT emergency” call comes in, you need to make a fast, repeatable decision: is this truly urgent, who owns it, and what’s the next action in the next 5–15 minutes. This protocol gives you a clear definition of an IT emergency, a triage decision tree, after-hours handling, dispatch steps, scripts, pricing, documentation, and ways to prevent “everything is urgent” callers from burning your team out.

1) What Counts as an IT Emergency (and What Doesn’t)

Use this rule: it’s an emergency when business operations are stopped, security is actively at risk, or data loss is ongoing/likely within minutes to hours. If the issue affects one person and there’s a workaround, it’s usually urgent—but not an emergency. Emergency examples (respond immediately): - Entire network down (no internet, no LAN, no Wi‑Fi across office) - Server/VM host down (Hyper‑V/VMware host offline, domain controller down) - Ransomware indicators or confirmed breach (encrypting files, unusual logins, “your files are encrypted” note) - Email system down company-wide (Microsoft 365 outage at tenant level, Exchange failure) and no alternate comms - Payment/POS down across site (retail/restaurant can’t take payments) - Critical line-of-business app down for everyone (ERP, scheduling, EHR) - Active data loss (RAID failure alarms, storage full and services failing, backups failing during incident) Urgent but not emergency (same-day or next business day): - One user can’t print, can’t access one shared folder, single PC won’t boot (if others can work) - New user setup, password reset (unless locked out of MFA/admin during an incident) - “Computer is slow” with no outage - Non-critical alerts (one disk at 80% but stable) Non-urgent (schedule): - New Wi‑Fi setup, network refresh, migrations, cybersecurity audit ($2,000–$20,000), network setup ($1,000–$10,000) - Patch planning, documentation cleanup, device replacements

Emergency Call Protocol for IT Companies

1) What Counts as an IT Emergency (and What Doesn’t)

Explore SkipCalls

2) Triage Decision Tree (5-Minute Intake You Can Run on Every Call)

3) After-Hours Emergency Response (Nights, Weekends, Patch Nights)

4) Dispatch Procedures (Remote First, On-Site When It’s Truly Needed)

5) Communicating Wait Times (Scripts That Reduce Panic and Repeat Calls)

6) Emergency Pricing (Clear Rates, No Surprises, Still Profitable)

7) Documenting Emergencies (So You Can Bill Correctly and Prevent Repeat Outages)

8) Preventing False Emergencies (Reduce Noise Without Missing Real Crises)

Step-by-Step Process

Answer + tag the call

Run the 5-minute triage

Decide: remote-first vs dispatch

Confirm emergency pricing + approval

Alert the right on-call tech

Stabilize first, then fix

Send timed updates

Close the loop with a post-incident summary

Pro Tips

Frequently Asked Questions