4. Appoint an IT risk ombudsman. In addition to a chief risk officer, it may be helpful to appoint an IT risk ombudsman, a respected senior manager to whom IT staff can raise concerns without fear of personal exposure. The ombudsman should be a veteran technologist with a deep understanding of the whole IT architecture, and be able to spot problems without agendas or affiliations.
5. Rethink robustness: Robustness means more than the number of backups; it includes labour availability and partner capabilities. For example, a top credit-card processor's call centres were shut down after a hurricane cut off the staff's access to clean water, but the company was able to shift call volumes to outsourced centres.
6. "De-average" the data. Customers don't care about averages when systems are compromised by downtime at the worst possible moment. By using averages as benchmarks, you're effectively saying, "If it's not likely to happen, it's okay to be poorly prepared."
7. Fix the whole thing, not just elements. Instead of rebuilding application by application, identify how each application maps to the technology platform and related (usually integrated) applications. Fix them in concert for faster results. Smart disaster recovery strategies call for a permanent shift in mindset - away from compliance and complacency, and toward a heightened sense of readiness. As organizations, business processes, applications and infrastructure grow, new failure and recovery scenarios will continue to emerge. Unless an organization designates roles and trains staff for comprehensive recovery scenarios, downtime minutes will turn into hours, and hours into days. Customers are likely to feel the impact and take their business somewhere else. There can be no better reason for CIOs to act.
Craig Sands is an Executive Partner within Accenture's Systems Integration & Technology practice in Canada. His focus is on helping clients become high performance businesses by aligning and executing IT-driven business strategies.
Andrew Truscott is Security Lead for Accenture in Canada. His is one of the company's thought leaders on security issues, leading projects across Canada.