In a real time economy, technology failure means business failure. In uncertain times it can lead to
ruin. During these times of uncertainty it is more crucial than ever for organisations to use the very latest
technology to underpin the safety and security of their business. Setting a protective technology wrap around
business resilience and getting this firmly entwined into your business DNA as a joined up approach is
critical. Companies will need to place IT at the very centre of their Operational Resilience Planning.
The purpose of this article is to take you through some of the key technology ingredients that should feed
into resilience planning. Some of these ingredients are just plain obvious, but others have moved into the
spotlight as a result of our remote new world. Key considerations for successful Operational Resilience
Planning should include:
1. Knowing your IT estate inside out- Mapping what you have, knowing your outsourced support
agreements inside out and being ahead of the game. Knowing for example those applications that are
end of life and need decommissioning, or those that require upgrades to remain safe, simple and
current is key. Many legacy estates become fragile over time, particularly when there is a lack of
proper integration. This can lead to security issues. Let's face it mopping up the sins of the past is
pretty dull compared to growing the brilliance of the future. Remediation needs to be tackled head on
to remain secure and current. The situation we are in now may be putting additional strain on those
firms who made recent acquisitions, but hadn't got round to integrating back office systems. Whilst
it's not easy trying to manage this remotely, now is the time to consider making those integrations
2. Having a tried and tested Disaster Recovery Plan- Technology keeps businesses running and
ensures organisations return to a steady state once disruption ends. Whether you have traditional or
Cloud based, building DR into your planning is crucial to ensure your business returns to steady
state. End to end Software can help with this and often includes Business Impact Analysis, Risk
Assessments, DR testing and even automated notification as an early warning system. What is
crucial is this is managed holistically. There is no point just IT practising this in isolation and the
business having the assurance everything's covered. Everyone is in this together. All business areas
must play their part.
3. Ensuring Security is everything: We all cringe when Social Media headlines a company under
attack. We all breathe a sigh of relief that it hasn't happened to us. Financial Services for example are
a desirable target for cybercriminals due to the vast amounts of personal and commercially sensitive
data it holds. It is an amazing fact that more data has been produced in the past two years than in the
entire history of the human race. Keeping this data secure will only become more challenging as
businesses move away from offline, back office functions to leverage digital channels that require an
automated, speedy, round the clock customer offering. The key elements of your Cyber Security
model such as data loss software, privileged access management, network containment and overall
employee awareness of governance all need to be carefully considered and included. As social media
continues to grow security will continue to become a hallmark of your business. Planning and
replanning the “what ifs” needs to be at the forefront of your planning.
4. Building the right Infrastructure- The IT Resilience Plan will be used to protect data and ensure
companies can provide confidence to their customers. Backup and recovery solutions will be even
more crucial. Having one support software that you know really well, with your people having “least
privileges” is much more effective than having to manage this across multiple providers.
5. Remote really doesn’t mean being cut off- Prior to COVID-19 less than a 1/5 of the UK workforce
had the flexibility in place to work from home. Although confidence in technology to maximise
productively remotely has been on the ascendant, only a mere 27% of staff had been fully briefed on
HOW to work from home. If businesses continue to encourage this as a regular long term option, it is
expected there could see a whopping 85% increase in overall productivity across the business as a
direct result. So having the right remote collaboration suite of tools that compliment your estate and
your customers, with the right anti virus devices, the right end point security wrap, encryption,
phishing, version controlled, audited etc are all crucial in terms of planning. These together with
softer training in software your teams actually want to use and maintaining overall trust are key
ingredients to make planning a long term success.
6. Ensuring everyone is involved- It is imperative planning is led from the top with everyone in the
company, whether internal or outsources are playing their part. The Board must lead & own
operational resilience, with the right maturity assessments and the right levels of tolerance and risk
reported on a regular basis. In IT for example this will be outlined in The Policy Framework.
However it is crucial each department carries out their own planning, not just IT and there is a
clearly defined holistic overview. It is surprising how little Operations Resilience Planning makes it
up to Board Level as part of the risk/ ORSA discussion. How many companies just assign it with the
controls as a simple traffic light reporting all is Green? Now is the perfect time to take a good look at
what went wrong (if anything) on the IT side and to strengthen or fix existing controls. This includes
adding new controls where things didn’t go smoothly and to provide the Board of Directors (and
regulators) extra visibility and the confidence the estate is fit for purpose and operations are being
managed appropriately. Let's face it no one could have predicted Covid-19. Thinking outside the box
at future threats should be regular and reported.
Planning may sound daunting but making your business automatically resilient shouldn’t be overwhelming.
The best way is to do this incrementally, knowing what you can achieve and by when. Dividing your
approach into manageable bite sized chunks is key. It’s completely achievable running your approach
simultaneously alongside BAU.
Having a well-rehearsed business continuity plan at the centre of your operations will compliment ensuring
your business is ready to face any crisis head on. It will adapt as the success story of the future. And running
this planning across the business whether inward or with your Outsourced partners at all stakeholder levels
"Resilience is accepting your new reality, even if it's less good than the one you had before. You can fight it,
you can do nothing but scream about what you've lost, or you can accept that and try to put together
something that's good".
Drop me a message if you would like to discuss ways to ensure technology resilience and remote working
sits at the very centre of your Operating Model.