Recent events with a worldwide IT outage highlighted the vulnerability of IT systems and the impact they have across every sector and on organisations of all sizes. Whilst this incident was limited to specific software, the event highlights that all organisations need to have robust IT Disaster Recovery plans (to restore IT services), as well as commensurate Business Continuity Plans (BCPs, which are alternate ways of working during an outage). It is vital that these plans are compatible with operational needs and with the criticality of the IT systems. How long can your organisation last without IT? 4 hours, 4 days, 4 weeks…4 months? The answer, together with your budget, risk appetite, and tolerance for running under BCP, will be a key factor in how resilient your IT systems need to be.
Key Points
- Organisations need to make an informed review of the criticality of IT systems, and how long the organisation can function without IT systems or data.
- IT Disaster Recovery (IT DR) plans need to reflect the significance of an outage that is outside the organisation's control, with recovery plans devised accordingly.
- Business Continuity Plans (BCP) need to align with real world capacity and capability to use alternatives to key IT systems.
- IT DR and BC plans require testing in-house to ensure that single points of failure, for both technology and people, have been removed and that the plans can be used effectively.
- Both IT DR and BCP need to align, and for effective governance, the Executive team should have oversight and ownership.
Links
https://www.bbc.co.uk/news/articles/cp4wnrxqlewo
https://www.bbc.co.uk/news/articles/cp0823lz4j7o
Action Required
Management and Boards are recommended to seek independent assurance that the current IT Disaster Recovery planning and Business Continuity Plans are robust and fit for purpose.
Contact TIAA Digital for independent advice and support in this business-critical process.