The findings were taken from Databarracks’ annual Data Health Check survey, which questioned over 400 IT decision-makers in the UK on a series of critical issues relating to IT, security, disaster recovery and business continuity practices. From a BC planning perspective, key findings include:
•25 per cent of respondents said IT directors are in charge of BC plans, down from 27 per cent in 2015
•17 per cent said IT managers are in charge, down from 22 per cent in 2015
•IT involvement is decreasing gradually, but IT leaders are still by far the most likely to be in charge of BC plans
Peter Groucutt, Managing Director at Databarracks, said: “Business continuity is a consideration for leaders across the entire business, not just the IT department. It’s fine for IT to be involved, but the overall direction should come from management in the wider business. This is the best way to ensure that BC plans are effectively implemented and embedded throughout the business.
“We’re seeing signs that more C-suite executives and other business leaders are taking control, but the pace of change remains slow.”
If we look beyond just who is ultimately in charge of the plan to which roles are involved in BC planning, the heavy bias of IT department remains. 40 per cent said IT managers are involved in this process, and 37 per cent said the same for IT directors. CEO involvement is fairly strong at 25 per cent, but only 10 per cent said the CFO is involved.
Groucutt added: “It’s important that a wide range of people – including IT leaders – are involved in writing BC plans. But we’re still not seeing enough buy-in from the C-suite. The largest companies generally have a BC manager (or even team) in place, but SMEs won’t normally have a dedicated member of staff for BC. For those that don’t, BC tends to be pushed to IT, rather than being handled by senior management.”
“IT is actually a very good department to be involved in Business Continuity Planning. Technology is now central to all aspects of operations so IT understands the impact of interruption better than most. If IT is provided with sufficient resource, budget and support from the top levels of the business it will do a great job. In practice, it tends not to be a deliberate, considered choice. It’s handed-off to IT to do as an addition to IT resilience and recovery, without an appreciation of the additional workload and without the support to embed BC across the business.
“Like cyber security, risk and governance, business resilience is an issue that must be addressed at the board level.”