Paul Siu Head of Service Delivery, Digital Solution

Paul is responsible for overall projects implementation, and to provide support on pre-sale related activities in driving new business. With 30 years of related experience, Paul has previously implemented various mega projects across industries and government sector like container port automation, Information Strategy Review and Recommendation, 1st generation of HK Smart ID Card, e-Tax Filing, and Transportation Information System.

Key Takeaways
Firms need to continuously focus on mission-critical infrastructure, and not focus solely on innovation
The best measure to combat risks is to ensure that you are always ready for one
Incident management is an organization-wide program. A robust process that is constantly updated can help to take the rights steps to recovery
Share
January 29, 2018
Enterprise Applications
Remember, Defective Mission-Critical Apps spell business disasters

In our rush to embrace innovation and new services, we sometimes forget the importance of a robust infrastructure for your mission-critical apps. Maintaining one may be boring and not newsworthy, but the performance of your mission-critical apps roots your firm's future ambitions on solid ground. You can then pursue innovation and deploy new services, without worrying about unforeseeable incidents blindsiding you or shaking your foundations.

The recent power outages and transportation delays show why firms need to continuously focus on mission-critical infrastructure, and not focus solely on innovation. While many of these firms have the appropriate processes to mitigate unforeseen situations, they need to be tested, updated, modernized and re-examined continuously. After all, it takes only a single outage or incident to cascade into an organization-wide disaster and erase the trust built with consumers.

Enabling Resilience

Disasters can occur to any firm, no matter how prepared, and at any time. The best measure to combat such risks is to ensure that you are always ready for one. Many firms tend to shrug away from investing in resilience and disaster recovery, but it quickly pays off in their ability to recover from incidents such as these and mitigate risks.

In fact, in today's always-on, 24x7 business world, ensuring resilience is a CIO's mandate. Thankfully, disaster recovery is no longer an expensive exercise; it can now be subscribed to as a service.

Below are some best practices:

  • Continually assess your current mission-critical systems based on their resilience, reliability, and sustainability
  • Invest in proactive detection so you will be alert to any upcoming failures or problems before they transform into disasters
  • Always review using exercises and drills to ensure current disaster recovery processes have no single point of failure
  • Prioritize risk management recommendations so that they do not get buried under other mundane requests
  • Establish a clear channel with frontline staff for any operational-related problems as they will be the first to be called out by clients, media and the public

The above offers a glimpse of the key actions you must take to ensure your mission-critical systems are resilient. In short, it is about risk and cost management. The proactive steps reduces the risk of being caught out unawares.

If you unsure how to begin or whether your current one is adequate, invest in assessment services and consulting. Or drop us a line; we are always happy to share our experience and lessons.

Incident management

While assessing your current infrastructure for resilience is important, you cannot avoid all incidents or disasters. One is always around every corner. Terrorism, natural disasters, and even human errors are unplanned risks that every CIO live with every day.

A proper incident management process helps. It can help your firm to de-escalate an incident, address the most important risks, offer clarity in a chaotic situation, and control the damage.

When an incident is handled correctly, you will also gain the admiration of your consumers and clients. It tells them confidence that you have their interests in mind and are adept at keeping any situation under control.

A typical incident management program would include:

  • A clear process for updating major stakeholders (including the public) when an incident occurs to eliminate rumors and speculation
  • An emergency center or war room for managing the overall situation
  • Careful messaging, including timely press updates, to manage inevitable bad press coverage and offer clarity
  • Quick follow-up procedures so that relevant parties always have the right information

Incident management is an organization-wide program-not an IT mandate. When an incident occurs, there will be panic and misinformation. A robust process that is constantly updated can help to reduce the panic, centralize the control of the outcomes, and keep key stakeholders informed. Mostly, it gives you enough room to breathe, take stock of the situation and take the rights steps to recovery.

Curious about building your incident management program, or assessing the effectiveness of your existing one. Talk to us.