When a major IT failure strikes, organisations don’t get a second chance to prepare. Decisions must be made quickly, and IT information needs to be trusted, accurate, and accessible. This is where business continuity (BC) software can play a crucial role in strengthening IT service continuity (ITSC). In this article we consider what you can do to prepare in advance of an IT failure occurring and then look at how BC software can help.
It’s helpful to clarify some key terms:
“IT critical incident”
The highest severity level of IT incident. This typically requires the recovery of multiple IT systems and is managed by the core IT management team rather than a single Incident Manager. A priority 1 or IT major incident might escalate to be an IT critical incident.
“IT Service Continuity” (“ITSC”)
An umbrella term covering the preparation for, prevention of, and response to IT critical incidents, this encompasses concepts which may be more familiar, such as “IT resilience” and “IT disaster recovery”.
“ITSC owner”
The person in the organisation who is responsible for understanding, documenting and recording ITSC requirements. This may be the Head of IT (or another person in the IT business function), or possibly the Operational Resilience Manager / Business Continuity Manager. If there is no person assigned this responsibility during business-as-usual at your organisation, identify who would have this responsibility during an IT critical incident.
Business-as-usual (BAU)
Day to day operations, outside of a major critical incident.
Regardless of whether they use dedicated business continuity software or not, organisations tend to have varying levels of understanding of their IT service continuity requirements. At the most basic level, this may be no more than a list of the five to ten key IT systems that require priority recovery during an IT critical incident. As organisations grow, so too does the number of systems, interdependencies, and the overall complexity of recovery requirements.
One of the biggest challenges for ITSC owners is the difficulty of obtaining, validating, and maintaining this information. Stakeholders across the business have competing priorities, and ITSC owners themselves may be focused on more immediate operational demands. Crucially, when an IT critical incident occurs, there is no opportunity to catch up on this foundational work. If ITSC requirements have not been thoroughly understood and documented during BAU, the resulting gaps can lead to inefficient incident management and significantly higher impacts on the business.
During an IT critical incident, there is no opportunity to undertake these principal steps effectively:
During an incident, the ITSC owner must rely entirely on what has already been recorded, regardless of how complete or accurate it is. This information will quickly be scrutinised by senior stakeholders, including executive leadership, making clarity and confidence essential.
Here are the key things you need to ask, to sense check your ability to manage a major IT failure:
If you can answer all of these questions with a “yes”, that’s great. You’ve done the fundamental groundwork that will pay dividends when you’re faced with an IT failure. If not, it’s important to invest the time to do the above steps and get prepared.
One of the most frustrating scenarios we see as a business continuity provider is when an organisation has a solid plan mapped out but has not reviewed or updated it for some time. Organisations don’t stand still. So much happens within an organisation relating to the business, personnel, processes and technology, it’s unlikely old plans will be fully effective and they can even hinder a recovery situation.
Do your key IT people know where your IT Service Continuity information is stored? Is it readily accessible to all those who would need it, whenever they are likely to need it (which could be, “out of hours”)? Is the information captured in BC software, or is it distributed across documents, often spreadsheets, that may be difficult to maintain and validate? If the latter, ITSC owners and stakeholders should consider whether the data can truly be trusted.
Consider the following questions if your ITSC data is kept in spreadsheets or other documents, rather than BC software:
Given that there is little to no time during a critical incident to resolve issues like these, ITSC owners risk presenting inaccurate or untrusted data to recovery teams and executives.
Business continuity software makes it easier to record and update potentially complex information regarding IT dependencies, RTOs and RPOs. Dedicated BC software provides a stable, structured environment for maintaining ITSC data. Rather than relying on potentially fragile documents, information is held in a platform designed specifically to support continuity and recovery planning. It’s also easier to make relevant information available to everyone who needs it.
This delivers clear benefits during an IT critical incident, but the advantages also extend well into BAU operations.
Key benefits include:
BC software automates many tasks that are labour-intensive and error-prone in spreadsheets, freeing ITSC owners to focus on planning, strategy, and exercising.
IT teams gain better visibility of dependencies and priorities, supporting more informed responses to day-to-day incidents as well as major outages.
BC software can consolidate and report on large amounts of data much faster than copying and pasting spreadsheets together. This can give organisations a faster and more accessible insight into how IT systems support critical services, helping to guide smarter, more targeted investment.
Ultimately, IT service continuity depends on preparation. When requirements are clearly understood, regularly maintained, and stored in a trusted system, organisations are far better equipped to respond effectively under pressure.
By using dedicated business continuity software to manage ITSC requirements, organisations strengthen both their BAU capabilities and their ability to manage IT critical incidents, creating a more resilient, confident, and responsive operation overall.
Note:
References to “Business continuity software / BC software” above reflect the author’s knowledge and use of Wavenet’s Shadow-Planner, and are not a statement of the capability and functionality of any other BC software products produced by other organisations.
David Davies MBCI
David joined Wavenet from Barclaycard where he was a key member of the business continuity relationship management team, responsible for embedding IT service continuity across the organisation. He had previously held several other business continuity and IT service continuity positions for organisations including IBM Global Services.
David has become a highly respected consultant in the industry, initially with Jermyn Consulting and then with Wavenet. Over this time, he has delivered BCM and ITSC professional services to 100+ organisations.
He has delivered advice and solutions to organisations in the financial services, healthcare, housing, manufacturing, retail, technology, and transport sectors.
In 2019 David was named 'Continuity and Resilience Consultant of the Year' at the Business Continuity Institute's European Awards and was shortlisted in the 'Advisor of the Year' category at the CIR annual Business Continuity Awards.