Banks and their customers will be better protected if the Financial Services Authority’s new recommendations on disaster planning are followed to the letter, business continuity and IT experts Phoenix said today.
Phoenix argues that modern technology and specialist knowledge for organisations to have ‘always on’ systems is readily available and there is no excuse for Banks not to have entirely robust IT infrastructure and effective recovery plans.
Phoenix, which provides IT, workplace and software disaster recovery services to over 2,000 firms including banks, building societies and investment firms, maintains that improvements in IT technology and network speeds allow firms to implement real-time fail-over in a way that would mitigate most major incidents.
Mike Osborne from Phoenix states: “Too many firms have an outdated approach to IT disaster recovery that has a ‘fail and then fix’ mentality. We are able to provide duplicate datacentres that can instantly pick-up the load of a failed system, we also have standby offices that can offer full trading, call centre and admin support functions in under an hour, and voice and data networks that can switch calls and external access to the recovery site in seconds. In addition to offering an ‘always on’ solution, these standby services can also be used to benchmark and pre-test applications and changes prior to them being put into the main production systems thus avoiding the type of software glitch experienced by RBS.”
Of all industries, banking is hit hardest by downtime as everything depends on business running smoothly. When many banks are strapped for cash to spend on IT overhauls and are using out-dated systems, business continuity is seen as an expensive additional cost. But a full disaster recovery review will do a great deal to prevent the otherwise inevitable damage to reputation and profit line following a critical failing. Although not every eventuality can be planned for, full preparation shows due diligence, compliance with FSA advice and minimises further blows to reputation, which the banking sector would certainly rather avoid.
Phoenix has also noted a worrying trend to reduce the number of specialist staff capable of understanding and responding to major incidents and this could expose firms.
“The recession has seen a reduction in the size of disaster recovery teams across the board”, states Osborne. “The danger here is two-fold, first that the expertise isn’t available or deep enough to manage any incident and second that recovery plans that have been written and tested, quickly become outdated as a result of the business and people changing over time. These are really important points because an out-of-date and untested plan provides a false sense of security for firms and invariably will fail at the very point they are relied upon.”
Phoenix advises that firms take three simple steps when it comes to planning:
Firstly it is quite easy for applications to ‘drop off the risk map’ and their subsequent failure to cause unforeseen consequences. Firms should ensure that the dependencies between the departments/systems and applications are fully understood.
Secondly, ensure that recovery plans are easy to follow and usable in practice and not just a box-ticking exercise. We call these ‘break the glass and implement plans’ and they need to be usable under the stress of a real incident in order to ensure that agreed actions are being.
Finally, ensure that the entire plan is kept properly up-to-date in line with the inevitable changes in the business. All too often a plan is agreed and then left on the shelf, particularly if resource has been reduced. All these issues can easily be resolved by implementing specialist planning software such as our Shadow-Planner suite which will map, create plans and distribute the updating of plans directly to the experts within the business.
