CIOs and IT managers must have a documented disaster recovery plan (DRP) and built-in supplier redundancies to avoid the consequences of an IT systems crash similar to the one that claimed Virgin Blue’s check-in and operating systems earlier this year, an insurance expert has warned.
IT Liability Insurance’s senior underwriter, David Gallagher, spoke to Computerworld Australia about the risks of outsourcing IT, saying that if proper procedures are not adhered to, the outcome could be detrimental.
“The risks for this type of IT failure are enormous – passengers demand refunds and reimbursement of other costs and expenses,” he said. “There is damage to the airlines brand, customer loyalty and reputation, and that means loss of future business.”
Gallagher said while IT failures have been focused on heavily in the media in recent times, he doesn’t believe this attention will diminish any time soon, with cases like the Virgin Blue outage in September costing the business between $15 million and $20 million.
To prevent system failures, Gallagher recommended that IT managers create a clear DRP that is tested regularly, as well as employing an IT provider who can respond quickly to repairing any outages.
“They must ensure there is a documented disaster recovery plan (DRP) in place, with key people always available to invoke the plan if necessary, and that the plan is regularly tested and audited,” he said.
“The speed at which their IT providers are able to respond and repair the system or switch to a redundant system will have a major impact on their client’s business.”
One way Gallagher recommended organisations ensure repairs are done quickly, was to make sure there was local support for any system repairs or upgrades.
“It has been suggested that the solid state storage device that failed in the Virgin system had been provided by a third party and a replacement was not locally available,” he said. “Having service staff for the system located overseas may also add to difficulties in fixing such an issue quickly.”
With Virgin Blue group executive Andrew David saying that after the IT system failure, Gallagher said this result was one of the risks of outsourcing IT systems.
“It’s not surprising for a business to be portrayed as the responsible party when it has an IT problem, even though it may not be directly in control or responsible for the issue or a system which has failed,” he said. “This is a risk companies face when utilising IT suppliers.”
To prevent this risk in the future, Gallagher said both the organisation and its IT supplier needed to develop clear systems.
“When something goes wrong, it’s the public face of the company, rather than the IT supplier, who is seen to be the controller of the situation,” he said. “That’s why it is so important for both companies and their suppliers to have risk management systems in place so they know how to deal with a crisis quickly.”
Follow Lisa Banks on Twitter: @CapricaStar
Follow Computerworld Australia on Twitter: @computerworldau