The findings illustrate the reliance organisations have on IT systems. Delivered effectively, technology streamlines processes, improves productivity and delivers cost savings across a business, but when systems are unavailable, major problems can ensue. The TSB banking crisis was a testament to this, with an estimated 1.9 million customers unable to access their accounts following a poorly coordinated IT upgrade, provoking much scrutiny and backlash for the bank.
According to Groucutt, as businesses increasingly digitalise their operations, the fallout from any IT related downtime becomes much more impactful:
Groucutt adds: “The findings taken from the Data Health Check reinforces how reliant we are on technology. For many organisations, there are now very few business processes that do not depend on a computer to deliver them. In general, automated processes are more dependable but when systems do fail, there are less manual processes to revert to. Without IT, businesses simply can’t survive.
“Digital Transformation requires some new tactics to maintain resilience but the principles of business continuity remain the same. When we design our mitigation solutions, we need to consider diversification, replication, stand-by and post incident acquisition. We apply these principles to all aspects of the business, from the work environment, the people, our suppliers and our technology.”
Groucutt states regardless of whether a process is digital or manual, certain fundamentals must always be present in your continuity planning: “Designing solutions for how an organisation is going to continue operating following a disruption should be based on the business continuity requirements identified in your business impact analysis (BIA), and the outcomes from the risk assessment. Critically, any business continuity solution should include these fundamental elements:
Diversification – Firstly, having the ability to run different activities and functions across different locations, means that if a problem or a disruption does occur at your current location, you can move to an alternative site and pick up activities with minimum impact to the business.
Replication – Another facet of diversification might be duplicating resources. This means that if there is a disruption, activities can be mirrored elsewhere enabling the business to recover quicker.
Stand-by – If, for example, an organisation has a ‘recovery time objective’ (RTO) that provides a longer response time for an incident, an alternative solution might be to have a standby location available, which enables you to become operational in the allotted RTO.
Finally, Post-incident acquisition means that if your agreed RTO’s are measured in days or weeks, a firm can actually source the resources needed to fix it, in the post-disruption stage. To be effective though, it’s important a firm uses a pre-defined and prioritised list when acquiring these resources, whether it be specific skills, equipment, facilities or supplies.
Groucutt concludes: “For organisations unsure about how best to approach improving their resilience, information provided by the Business Continuity Institute (BCI) outlines not only the fundamentals needed for designing a plan but also implementation and evaluation.”