Business Continuity, do IT departments have enough authority?
As part of the NAS Business Continuity investigative process, there are a number of questions asked when interviewing business leadership teams.
A key question related to business policy includes asking what the current policies are and what the philosophies surrounding business continuity (and IT) might be.
Generally speaking, businesses have entrenched beliefs about what IT management is and do not generally put business continuity top of mind in daily activities. “Yes we have backups!” It’s safe to say that almost all businesses want to keep running as much as possible during disasters, but not all put forth active plans towards it. Many do not give IT enough authority to implement security and redundancy contingency plans. We find that sometimes there isn’t enough money, time, understanding, but often it’s just that there are pressing day-to-day activities that the local IT person is pressed with that the best they do is to make sure they have a backup and can restore from/to in a reasonable time.
These days, its just not enough. With the current climate of ransomware, working remotely and using your own devices for work, it’s a challenging IT environment at a minimum before throwing business continuity practices in the mix. When we find businesses that do give enough authority to IT, the ones that include IT in the business strategy, they usually fair better than the ones that don’t.
An important oversight is that accountability comes with authority. High performing teams lead through results.
Does your IT team have enough authority with technology decisions, to solicit the right budget to implement these decisions? Is there a KPI or key performance metric that is measuring benchmarks for this authority? Are they being held accountable?
When NAS does a cross sectional analysis by location, by department, by staff and comparing internal and external systems there will be differing views on impacts to business in the event of some interruption. For example, considering a multi-location business if Internet based credit-card transactions are absolutely critical, then there should be some allowances made to providing redundant connections at each site. Late in 2014, one customer had a back-hoe go through service lines. The construction crew took out every wire feeding the business block, and they were forced to wait 1 week to get service. It was an eye opener to that business to be impacted this way right before Christmas rush especially when it was found that IT had been suggesting a second wireless connection but wasn’t given the authority and budget to implement.
There needs to be a balance of course, but there are some things that just shouldn’t be skimped out on.
Having a good understanding of the philosophy of business leadership teams on Business Continuity and IT authority is an important component of business continuity discussions. Start laying out some of the reasons IT may need some authority. It only leads to better accountability and improved business continuity!
We often work with an existing team in compliment where we have some broader areas of expertise or very specific skills to compliment your team, provide some overlap and redundancies and enable a single IT technician to get a break for holidays without business risks.
If you are interested, please reach out to us via email or call us 905-524-2001 for a free consult. We’d love to chat in person about your business and learn what your pain points are. We would love the opportunity to become part of your solution that helps you sleep better at night.
Minimize stress, maximize success.