Information availability: why the board should take an interest
Information is the lifeblood of any organisation and central to every process. Information cannot be bought, only earned and, whether it sits as data in IT systems, as paper in filing cabinets or as knowledge within the brains of employees, it must be protected and, even more importantly, available at all times. Information availability (IA) has come of age. The issue for company and organisational boards is not ‘Do we need an IA strategy?’ but ‘Is our IA strategy good enough?’ The Organisational Imperative The poet T.S. Eliot posed the question: “Where is the wisdom we have lost in knowledge? Where is the knowledge we have lost in information?" Information without knowledge is simply data, as is knowledge without understanding. Data is vital; but it is useless without the infrastructure to access it; without the processes to manipulate it and without the people to understand and use it. But to consider IA as merely data protection is to miss the point: it is about keeping people and information connected all the time. The board’s responsibility Many boards believe that taking out business interruption insurance will meet the organisation’s needs following an incident or disaster. This is not the case. Insurance is only part of the requirement and does not absolve directors from their wider duty of care to act in the best long-term interests of their organisation. Insurance provides no protection; it only provides compensation. Insurance will not enable your organisation to keep operating through a disaster; nor will it protect your organisation against system downtime. Insurance will help you recover your infrastructure and your premises but provides no recompense for the loss of the most critical asset - your information. How to proceed Who actually owns the information is another grey area. Whilst virtually all of it will be held in IT systems, actual responsibility for its safekeeping may lie elsewhere. For example, finance departments are legally responsible for the data they use. Once the information flow is understood and mapped, it will become clearer where the weak points are. New questions now need to be asked: What are the risks to the information flow? What external and internal dependencies exist? What safeguards need to be put in place to ensure that information is always available? It is the board’s role to ensure that these questions are asked, answered and acted upon; however the day-to-day process of asking the questions and providing the answers will then be passed on to a technical team. The report from which this article is an extract provides help, advice and support for this team as it addresses the IA challenges of today and looks ahead to the challenges of tomorrow. Look at information flow The process of mapping the information flow not only allows the identification of areas that need protection, it also identifies bottlenecks and other areas of improvement. This allows new processes and procedures to be put in place, which make the organisation more efficient. Areas of redundancy and duplication can also be identified, allowing for cost savings and increased agility. Having an IA strategy in place also provides benefits in terms of reputation. It not only reduces the risk of reputation damage but it has been shown in research (1) that organisations, which handle crises well, gain positive impacts upon their reputation and share price. The organisation that successfully operates a true IA culture will have systems that are more effective and more fully utilised than their competitors are. It will have constant access to the information, knowledge and business intelligence that it needs to operate at its most efficient level. Such a company will be able to maximise the return on investment it makes in business processes. Effective IA can engender more productivity and reliability – necessary for sound partnerships and supply-chains; for meeting deadlines and for delivering projects on time and on budget. However, beyond the day-to-day benefits, IA brings a more entrepreneurial advantage. The organisation that recovers most quickly from a wide-area disaster is the one, which is able to capitalise on the situation. Disasters create new markets and open up existing ones. This may allow the rapid development and launch of new products, or, if your products and services are available when a competitor’s are not, a business can gain temporary market share, which may become permanent. Why now? If your organisation already has an IA plan then it is time to reassess it; to ensure that it is fit for purpose in an ever-changing world. If you have yet to implement IA, it is time to make a start. Given the knowledge that exists about IA and the obvious and very strong benefits that IA brings, it could be argued that it is simply unethical for an organisation not to address the issue. The time to act is now. If information is the lifeblood of the organisation, then IA is the heart that keeps the lifeblood pumping and which keeps the organisation alive. (1) Knight and Pretty: The impact of catastrophes on shareholder value, 2000. Oxford Executive Research Briefings From Adversity to Availability
•Date: 30th May 2008• Region: UK/World •Type: Article •Topic: IT Continuity |
