top of page

Operational resilience planning. Now is the time to review and act....

In a real time economy, technology failure means business failure. In uncertain times it can lead to

ruin. During these times of uncertainty it is more crucial than ever for organisations to use the very latest

technology to underpin the safety and security of their business. Setting a protective technology wrap around

business resilience and getting this firmly entwined into your business DNA as a joined up approach is

critical. Companies will need to place IT at the very centre of their Operational Resilience Planning.

The purpose of this article is to take you through some of the key technology ingredients that should feed

into resilience planning. Some of these ingredients are just plain obvious, but others have moved into the

spotlight as a result of our remote new world. Key considerations for successful Operational Resilience

Planning should include:


1. Knowing your IT estate inside out- Mapping what you have, knowing your outsourced support

agreements inside out and being ahead of the game. Knowing for example those applications that are

end of life and need decommissioning, or those that require upgrades to remain safe, simple and

current is key. Many legacy estates become fragile over time, particularly when there is a lack of

proper integration. This can lead to security issues. Let's face it mopping up the sins of the past is

pretty dull compared to growing the brilliance of the future. Remediation needs to be tackled head on

to remain secure and current. The situation we are in now may be putting additional strain on those

firms who made recent acquisitions, but hadn't got round to integrating back office systems. Whilst

it's not easy trying to manage this remotely, now is the time to consider making those integrations

happen.


2. Having a tried and tested Disaster Recovery Plan- Technology keeps businesses running and

ensures organisations return to a steady state once disruption ends. Whether you have traditional or


Cloud based, building DR into your planning is crucial to ensure your business returns to steady

state. End to end Software can help with this and often includes Business Impact Analysis, Risk

Assessments, DR testing and even automated notification as an early warning system. What is

crucial is this is managed holistically. There is no point just IT practising this in isolation and the

business having the assurance everything's covered. Everyone is in this together. All business areas

must play their part.


3. Ensuring Security is everything: We all cringe when Social Media headlines a company under

attack. We all breathe a sigh of relief that it hasn't happened to us. Financial Services for example are

a desirable target for cybercriminals due to the vast amounts of personal and commercially sensitive

data it holds. It is an amazing fact that more data has been produced in the past two years than in the

entire history of the human race. Keeping this data secure will only become more challenging as

businesses move away from offline, back office functions to leverage digital channels that require an

automated, speedy, round the clock customer offering. The key elements of your Cyber Security

model such as data loss software, privileged access management, network containment and overall

employee awareness of governance all need to be carefully considered and included. As social media

continues to grow security will continue to become a hallmark of your business. Planning and

replanning the “what ifs” needs to be at the forefront of your planning.


4. Building the right Infrastructure- The IT Resilience Plan will be used to protect data and ensure

companies can provide confidence to their customers. Backup and recovery solutions will be even

more crucial. Having one support software that you know really well, with your people having “least

privileges” is much more effective than having to manage this across multiple providers.


5. Remote really doesn’t mean being cut off- Prior to COVID-19 less than a 1/5 of the UK workforce

had the flexibility in place to work from home. Although confidence in technology to maximise

productively remotely has been on the ascendant, only a mere 27% of staff had been fully briefed on

HOW to work from home. If businesses continue to encourage this as a regular long term option, it is

expected there could see a whopping 85% increase in overall productivity across the business as a

direct result. So having the right remote collaboration suite of tools that compliment your estate and

your customers, with the right anti virus devices, the right end point security wrap, encryption,

phishing, version controlled, audited etc are all crucial in terms of planning. These together with

softer training in software your teams actually want to use and maintaining overall trust are key

ingredients to make planning a long term success.


6. Ensuring everyone is involved- It is imperative planning is led from the top with everyone in the

company, whether internal or outsources are playing their part. The Board must lead & own

operational resilience, with the right maturity assessments and the right levels of tolerance and risk

reported on a regular basis. In IT for example this will be outlined in The Policy Framework.

However it is crucial each department carries out their own planning, not just IT and there is a

clearly defined holistic overview. It is surprising how little Operations Resilience Planning makes it

up to Board Level as part of the risk/ ORSA discussion. How many companies just assign it with the

controls as a simple traffic light reporting all is Green? Now is the perfect time to take a good look at

what went wrong (if anything) on the IT side and to strengthen or fix existing controls. This includes

adding new controls where things didn’t go smoothly and to provide the Board of Directors (and

regulators) extra visibility and the confidence the estate is fit for purpose and operations are being


managed appropriately. Let's face it no one could have predicted Covid-19. Thinking outside the box

at future threats should be regular and reported.


Summary

Planning may sound daunting but making your business automatically resilient shouldn’t be overwhelming.

The best way is to do this incrementally, knowing what you can achieve and by when. Dividing your

approach into manageable bite sized chunks is key. It’s completely achievable running your approach

simultaneously alongside BAU.

Having a well-rehearsed business continuity plan at the centre of your operations will compliment ensuring

your business is ready to face any crisis head on. It will adapt as the success story of the future. And running

this planning across the business whether inward or with your Outsourced partners at all stakeholder levels

is crucial.

"Resilience is accepting your new reality, even if it's less good than the one you had before. You can fight it,

you can do nothing but scream about what you've lost, or you can accept that and try to put together

something that's good".

Drop me a message if you would like to discuss ways to ensure technology resilience and remote working

sits at the very centre of your Operating Model.

6 views0 comments

Recent Posts

See All

Zuhlke Podcast: Data Today

As recently announced by one of our Corporate Partners, Zuhlke, they have officially launched their new podcast: Data Today with Dan Klein. In each episode, Dan Klein will speak to guests who are inno

What makes a good Vendor response to an RFI/P?

This article is offered to Camelot members to help you partner with tech/solution providers who are submitting a response to an RFI/P. It is based on input from David Clamp and then this was built on

Comments

Rated 0 out of 5 stars.
No ratings yet

Add a rating
bottom of page