Governance ensures operational resilience during lockdown
IT governance builds resilient businesses. It puts in place the protocols and mechanisms that are necessary to ensure business continuity during times of upheaval and sustainability over the long term. At the same time, optimising IT resources and operational efficiencies can reduce costs while enabling better risk management.
Proof of this is an organisation in the rubber industry that could mobilise its remote workforce within 24 hours and keep people, processes and technology in sync for unhindered continuity throughout the unprecedented national COVID-19 lockdown.
The company, a leader in the supply and manufacturing of precure tread and consumables in South Africa, started implementing IT governance in their organisation in 2019. This move placed the organisation – considered a ‘worst-case scenario type of company’ during the lockdown because its core business operations were heavily restricted – in good stead to navigate and survive the shutdown.
“Despite shutting down the company’s core operations for the lockdown, administrative and sales functions were able to continue without any disruption during the nationwide lockdown. And with IT and operational technologies (OT) more aligned, the organisation was also able to step up from operating at 10% capacity in April 2020 to 100% in May. This is in part due to the groundwork laid during the governance project we started last year,” says Leader Rubber’s Financial Director, Andrew Summers, who spearheaded the project with AVeS Cyber Security.
Overhauling the organisation’s information systems and assessing the value of the various technology solutions at play helped the organisation to persevere during this uncertain time. Bolstering the environment with more effective processes and ensuring that IT tools are linked to the needs and goals of the organisation also provided resilience.
“This shows that good governance is not only a good tool to help services-based businesses survive during tough economic times, but operational technology businesses as well. Companies need to empower their governance capabilities, not only from a business continuity perspective and to better manage risks, but also because governance-conscious customers and partners are expecting it,” says Cecil Munsamy, Managing Director at AVeS Cyber Security. He was commissioned to implement an IT governance framework and prepare the IT security policies and procedures for this manufacturing company.
Prior to the governance project, the organisation had no integrated view of governance, IT systems or cyber security. People, processes and technology were not aligned, creating inefficiencies as well as security vulnerabilities. External service providers that were linked to the company’s networks had unwittingly created significant cyber security gaps. The networks were not segregated, and many computers on the factory floor were not equipped with anti-virus software. Newly installed cabling and cameras had also placed strain on the network, causing it to slow down dramatically.
“The company had to look at their overall business environment and the value of the different solutions they had. They had old technologies, an environment without processes and there was no link between the business's goals and the technology they used,” Munsamy recalls.
“After an information security assessment and IT governance workshop, a roadmap was put in place to look at people, processes and technology inputs, and align each of these outputs to enterprise goals. The roadmap includes an OT strategy, which will be implemented soon. The company successfully moved from a one-man-band IT manager to a team of highly skilled professionals, resulting in lower IT costs as specialist outsourced skills are only accessed and paid for as needed. We also implemented an organisational change management process to assist people with adapting to the new ways of working, which is especially important in an age where operational technology systems are connected to the Internet.
“This organisation did not have a work-from-home culture, but when the lockdown was announced, we could have all the office personnel working from home in 24 hours. Virtual networks were easy to set up because the correct firewall was already in place. All the servers are in the cloud, which allowed employees to access the necessary company resources from home. If the company had the same infrastructure as two years ago, before the governance implementation, nobody would have been able to work from home. The legacy systems would not have been able to support it, and the necessary cyber security would not have been in place at that time either,” says Munsamy.
“The link between governance and business continuity is often missed by businesses. Yet, they are inextricably linked. The probability of surviving and thriving in uncertain times and through a crisis is much higher for those that have good governance in place compared to those who don’t. This client is a case in point,” concludes Charl Ueckermann, CEO at AVeS Cyber Security.