CIOs voice increasing confidence in business continuity plans

Most IT directors have more faith in the business continuity plans of their organisation and its suppliers than a year ago, research by Computer Weekly has revealed.

Most IT directors have more faith in the business continuity plans of their organisation and its suppliers than a year ago, research by Computer Weekly has revealed.

In the latest CIO Confidence Index survey of 145 UK IT directors 67% said their business continuity plans were robust, up from 57% a year ago. The number who did not feel their continuity plans were robust decreased by 12 percentage points to 32%.

Sixty five per cent said their suppliers' business continuity plans were robust - an increase of seven percentage points in the past year.

The results reflect the growing awareness among firms that an incident at a major supplier could adversely affect their business unless the supplier has a robust business continuity plan in place, said Ian Houghton, continuity manager at insurance firm Royal & Sun­Alliance.

"Business continuity management is generally taken more seriously than before, and is now becoming a recognised skill with experts driving it, rather than the old way of dusting off the plan once a year to review it when you have got nothing else to do," said Houghton.

Despite the rosy picture, business continuity specialists say companies still need to do a great deal of work if they want to protect themselves fully.

Steve Salmon, principal adviser at professional services firm KPMG. said findings from the Financial Services Authority's resilience benchmarking showed clearly that technical resilience had improved.

"But this only addresses IT continuity at the operational level," he said. "There persists a disconnect between what the business requires and what IT delivers."

Salmon said difficulties include poor communications between the business and IT, and a lack of focus and investment in resources for pulling the business and IT together to draw out a common understanding of requirements and capabilities.

In addition, poorly tested systems gave firms a false sense of security. "Reporting successes of limited testing may give false assurance to the business around its capability to survive a disaster," he said.

Justin Clark, an independent consultant on operational risk management, said that although the CIO Index results indicate there has been a move in the right direction, the views of IT directors represented only one piece of the jigsaw puzzle.

"To measure a real improvement in the level of preparedness, one should survey senior executives outside of IT. I dare say awareness would not be so improved outside of the IT function, and I would like to know if IT directors felt they had a better integration in the wider enterprise risk function of their respective organisations," he said.

Houghton said although the CIO Index findings concerning business continuity were positive, more work needed to be done in raising awareness, and it was not a time to become complacent.

Business Continuity Institute >>

Stuart King's risk management blog >>

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.