IT risk management with QRMCInformation technology systems have become entirely embedded in the way we do business, from the smart phone your plumber uses to set appointments and record billable time, to the networked computers housing the secured data of a global bank.

The maximisation of efficiencies and productivity brought by the technologies we use have offered countless opportunities to modern organisations to achieve their business objectives. However, they’ve also brought a suite of new risks which we ignore to our peril.

With technology providing the backbone of most business operations, including payroll, communication, procurement, debtor and creditor management, sales management, marketing, document control and archiving etc., even the short term loss of functionality can have a big impact. If the loss of technology infrastructure and/or data were permanent, such as might result from a building fire or a serious cyber attack, the impact would be catastrophic.

It is not uncommon for businesses to take their IT systems for granted because they’ve always worked before: however, the fact that a business has never suffered a catastrophic IT loss in its history provides no protection from, or lower probability of the risk occurring in future. Therefore, risks to IT systems must be managed to ensure business continuity.

Potential risks include all the obvious things that most organisations plan for, such as fire or flood, a server crash, or loss of power. However, they also include things that might not immediately come to mind, such as accidental or malicious damage, vandalism or sabotage by disgruntled workers, viruses and cyber attack.

Also, a business continuity plan which concentrates only on having the data securely backed up is not sufficient. Getting the business operational again also includes having that data available and operational in the organisation’s various functions and customised applications etc., which will take time unless systems and infrastructure are in place to speed the process.

Good business continuity planning for your information technology therefore requires consideration of the following critical elements:

  • Backup of data off site, preferably in two different locations
  • Confirmation of the integrity of data after back-up
  • Availability of a virtual standby server that mirrors critical servers and applications, or other relevant infrastructure to immediate recreate your organisation’s functionality
  • Regular test restorations of data and applications to the backup location/equipment
  • Documentation of all roles and responsibilities for activating the plan
  • Developing a formal IT incident response plan.

Please contact QRMC for more information.