
Manage risk with self-assessment scorecard

Johannesburg, 25 Jul 2003

As companies increasingly rely on IT to operate effectively, it is essential to ensure information is secure and risk is managed.

As good corporate governance becomes a fact of doing business rather than an option, directors may be held personally accountable in cases of negligence, in line with the recommendations of the King II report. It is therefore part of a director's duties to guard the company against risk: to identify the risks the company faces and to ensure that each is adequately covered.

One such risk is an IT failure. In an increasingly globalised and competitive business environment, most companies cannot afford even an hour's downtime, whether the failure is caused by a power cut, flood, fire, hardware breakdown or any other event.

For many businesses, downtime may be a death knell. Many cellphone subscribers, for example, will hastily switch to the competition should there be no signal from their service provider for a day.

It is surprising, then, that only an estimated 5% of South African businesses have a business continuity system in place.

Business continuity goes far beyond disaster recovery. It encompasses everything that is needed for your business to continue functioning during an IT failure, whether it is the call centre, treasury dealing room, PCs or the whole company that is affected.

Business continuity is a holistic exercise; each system is designed to the client's particular needs. A consultant analyses and assesses the risks a business faces during an IT failure, as well as the weaknesses that make such a failure more likely in the first place.

To stay on top of its exposure to risk, every business unit should regularly complete a self-assessment scorecard. The scorecard should record who has access to which information, how well systems are secured, how aware staff are of the risks, what safeguards are in place and how information is classified.

New electronic channels and the "extended enterprise" have great potential, but they increase the potential for security violations, and they open new challenges in terms of privacy.

Many businesses, and especially financial institutions such as merchant banks, hold sensitive information about their customers. Good governance requires that this information be fiercely protected. Failure to do this is a threat to the business.

The trend towards disintermediation in business, where the middleman such as a broker is taken out of the loop, exposes companies to new risk. Wherever customers are given direct access to a company's Web site, that site becomes an attack surface and the company is at risk of being hacked.

However, the risk often originates internally: for example, an administrator who is the sole holder of vital information about who has access to what, or a disenchanted employee seeking revenge.

Many companies have seen solid results from installing a system that tracks administrators' activities: a watchdog that records which rights are assigned to whom, when and from where, so that changes can be reviewed rather than taken on trust.
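To make the idea of such a watchdog concrete, the following is an added example (not code from the original article or from any product it refers to). It assumes a hypothetical log format, one event per line, in which each line records the time of a change, the administrator who made it, whether a right was granted or revoked, the account affected and the right concerned. The sample log lines are constructed for the example. From that log it rebuilds the current set of rights per account and flags grants a reviewer would want to look at: an administrator granting a right to their own account, grants made outside business hours, and grants of rights the organisation has marked as sensitive.

```python
"""Audit of administrator rights assignments (added example, hypothetical log format)."""
from collections import defaultdict
from datetime import datetime, time

# Constructed sample log. Fields separated by '|':
# timestamp | actor (admin making the change) | GRANT/REVOKE | subject (account affected) | right
SAMPLE_LOG = """\
2003-07-21T09:15:00|alice|GRANT|bob|payments.approve
2003-07-21T09:16:00|alice|GRANT|bob|payments.read
2003-07-22T23:40:00|carol|GRANT|carol|domain.admin
2003-07-23T10:02:00|alice|REVOKE|bob|payments.approve
2003-07-24T02:10:00|dave|GRANT|erin|treasury.dealing
2003-07-24T11:00:00|alice|GRANT|frank|payments.read
"""

# Assumed review window: grants outside these hours are flagged for a second look.
BUSINESS_HOURS = (time(8, 0), time(18, 0))


def parse_events(text):
    """Parse the hypothetical log format into a list of event dicts, failing loudly on malformed lines."""
    events = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split("|")
        if len(parts) != 5:
            raise ValueError(f"line {lineno}: expected 5 fields, got {len(parts)}")
        ts, actor, action, subject, right = parts
        if action not in ("GRANT", "REVOKE"):
            raise ValueError(f"line {lineno}: unknown action {action!r}")
        events.append({
            "ts": datetime.fromisoformat(ts),
            "actor": actor,
            "action": action,
            "subject": subject,
            "right": right,
        })
    return events


def current_rights(events):
    """Replay grants and revocations in time order to get each account's rights as they stand now."""
    rights = defaultdict(set)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["action"] == "GRANT":
            rights[e["subject"]].add(e["right"])
        else:
            rights[e["subject"]].discard(e["right"])
    # Drop accounts that ended up with nothing, and sort for stable output.
    return {subject: sorted(r) for subject, r in rights.items() if r}


def audit_grants(events, sensitive=frozenset()):
    """Return grants that merit review, each with the list of reasons it was flagged."""
    findings = []
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["action"] != "GRANT":
            continue
        reasons = []
        if e["actor"] == e["subject"]:
            reasons.append("self-grant")
        if not (BUSINESS_HOURS[0] <= e["ts"].time() < BUSINESS_HOURS[1]):
            reasons.append("outside business hours")
        if e["right"] in sensitive:
            reasons.append("sensitive right")
        if reasons:
            findings.append((e["ts"].isoformat(), e["actor"], e["subject"], e["right"], reasons))
    return findings


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print("Current rights per account:")
    for subject, rights in current_rights(evs).items():
        print(f"  {subject}: {', '.join(rights)}")
    print("Grants needing review:")
    for ts, actor, subject, right, reasons in audit_grants(evs, sensitive={"domain.admin", "treasury.dealing"}):
        print(f"  {ts} {actor} -> {subject}: {right} ({'; '.join(reasons)})")
```

In the constructed sample, carol's late-night grant of `domain.admin` to her own account trips all three checks, and dave's 02:10 grant of a dealing-room right trips two; bob's `payments.approve` shows up in the history but not in his current rights because it was later revoked. The value of the watchdog lies in that replay: the log, not the administrator's memory, is the source of truth for who holds which rights.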

Again, this is part of ensuring that the information residing within a business is secure and confidential, yet readily accessible should there be a hitch in the IT processes.
