The role of ICT in ensuring business continuity

  • 24 Jul 2024

The modern enterprise runs on digital technology. Whether it's operational efficiency, worker productivity, or cost savings, those technologies give organizations a competitive advantage.

But what happens when technology goes offline or is otherwise unavailable? Work can’t just stop, or the business will face stark consequences. 

To ensure a level of readiness to maintain critical functions after disruption, businesses must stress-test their ICT (information and communication technology) to prepare for the worst. 

What should those preparations entail? This article lays out the role of ICT in ensuring business continuity.

Why ICT readiness is important

But why bother in the first place? 

Unfortunately, ICT isn’t infallible. This wouldn’t be an issue if critical business processes weren’t run on ICT.

Increasingly, though, they are. On top of that, aspects of business continuity, disaster, and emergency response are themselves highly dependent on ICT.

That means that even the most robust business continuity preparations are incomplete without adequate ICT preparedness measures.

ICT preparedness measures

So, given the diversity of ICT, is there a consensus on preparedness measures that businesses should undertake? 

That’s a good question to ask. A number of best-practice international standards have tacitly answered; they lay out generic guidelines for ICT readiness for business continuity.

What do they say?

ICT controls in ISO 27002

Generally, these standards will direct businesses to build readiness programs around the business continuity objectives and ICT continuity requirements they’ve established. 

The controls section of ISO 27002, for instance, instructs businesses to plan, implement, maintain, and test ICT readiness based on business continuity objectives and ICT continuity requirements.

Business continuity objectives are likely to be familiar to BC professionals, but what about ICT continuity requirements?

ICT continuity requirements are the outcome of the business impact analysis (BIA). 

A subset of resources determined by the BIA will include ICT services. The BIA involving ICT services can be expanded to define performance and capacity requirements of ICT systems and recovery point objectives (RPO) of information required to support activities during disruption.

Based on the results of the BIA, the organization will select ICT continuity strategies for before, during, and after disruption. 

Plans will subsequently be developed, implemented, and tested to meet the required availability level of ICT services, and to do so in the required time frames following interruption or failure of critical processes.

As for ICT continuity strategies themselves, the standard advises the following:

  • An adequate organizational structure is in place to prepare for, mitigate, and respond to a disruption, supported by personnel with the necessary responsibility, authority, and competence.
  • ICT continuity plans, including response and recovery procedures detailing how the organization is planning to manage an ICT service disruption, are: 
    • Regularly evaluated through exercises and tests 
    • Approved by management
  • ICT continuity plans include the following ICT continuity information: 
    • Performance and capacity specifications to meet the BC requirements and objectives as specified in the BIA 
    • Recovery time objective (RTO) of each prioritized ICT service and the procedures for restoring those components 
    • RPO of the prioritized ICT resources defined as information and the procedures for restoring the information

Finally, the modern enterprise is supported by ICT services, increasingly so for its most critical processes.

As a result, managing ICT continuity has become crucial to responding to and recovering from disruption, and to ensuring the continuity of prioritized activities that are themselves powered by ICT services.

In this article, we’ve laid out some best-practice strategies to ensure ICT readiness. These strategies all fall under the banner of digital operational resilience. So, what is digital operational resilience? Check out this article from Noggin to find out.

 
