Most IT directors have more faith in thebusiness continuityplans of their
organisation and its suppliers than a year ago, research by
Computer Weekly has revealed.
In the latest
CIO Confidence Index survey of 145 UK IT directors 67% said
their business continuity plans were robust, up from 57% a year
ago. The number who did not feel their continuity plans were robust
decreased by 12 percentage points to 32%.
Sixty five per cent said their suppliers' business continuity
plans were robust - an increase of seven percentage points in the
past year.
The results reflect the growing awareness among firms that an
incident at a major supplier could adversely affect their business
unless the supplier has a robust business continuity plan in place,
said Ian Houghton, continuity manager at insurance firm Royal &
SunAlliance.
"Business continuity management is generally taken more
seriously than before, and is now becoming a recognised skill with
experts driving it, rather than the old way of dusting off the plan
once a year to review it when you have got nothing else to do,"
said Houghton.
Despite the rosy picture,
business continuity specialists say companies still need to do a
great deal of work if they want to protect themselves
fully.
Steve Salmon, principal adviser at professional services firm
KPMG. said findings from the Financial Services Authority's
resilience benchmarking showed clearly that technical resilience
had improved.
"But this only addresses IT continuity at the operational
level," he said. "There persists a disconnect between what the
business requires and what IT delivers."
Salmon said difficulties include poor communications between the
business and IT, and a lack of focus and investment in resources
for pulling the business and IT together to draw out a common
understanding of requirements and capabilities.
In addition, poorly tested systems gave firms a false sense of
security. "Reporting successes of limited testing may give false
assurance to the business around its capability to survive a
disaster," he said.
Justin Clark, an independent consultant on operational risk
management, said that although the CIO Index results indicate there
has been a move in the right direction, the views of IT directors
represented only one piece of the jigsaw puzzle.
"To measure a real improvement in the level of preparedness, one
should survey senior executives outside of IT. I dare say awareness
would not be so improved outside of the IT function, and I would
like to know if IT directors felt they had a better integration in
the wider enterprise risk function of their respective
organisations," he said.
Houghton said although the CIO Index findings concerning
business continuity were positive, more work needed to be done in
raising awareness, and it was not a time to become complacent.
Business Continuity Institute
>>
Stuart
King's risk management blog >>