CA Community






This Blog
Syndication

Who said that IT is not critical to the business?

Published: July 14 2009, 11:44 AM
by Robert Stroud

I am back on my "soap-box" that Business IS dependent on IT! 

I can already hear the groans from many of you - not this topic again!  But bear with me. I have another example, a timely one, yet again from the airline industry. 

On July 2, just prior to a US holiday weekend, United Airlines experienced "a computer glitch."  The computer glitch couldn't have come at a worse time as it grounded United flights in Chicago and caused huge passenger back ups, inconveniencing thousands of passengers, including one of my colleagues attempting to get back to San Francisco from a meeting. According to the various reports I read, the computer glitch started at 1:30 A.M. in the morning and was resolved around 9:45 A.M. with the impacts being felt for most of the day to passengers and staff. 

CBS2 in Chicago says on its website that "United passengers were stranded on the sidewalk in front of Terminal 1 at O'Hare. A ground stop program was placed into effect for United flights, and none of them were leaving the airport. Flights were still arriving."  View the video here. While ABC 7 in Chicago reported "many incoming planes are having a hard time finding a place to land, delaying both departures and arrivals." The obvious impacts on the airline included that self-check kiosks didn't work and all passengers who didn't have boarding passes had to wait in lines of up 1000 people while boarding passes were manually written, planes probably departed without passengers and then the costs to airline of rebooking, additional staff costs  and facility charges as planes lined up on the airport tarmac as flights arrived and departing planes remained stranded at the gates. These are all tangible costs but the real impact is one of reputation. I for one was advised of the event on Twitter and a quick search this morning of the event led me to 15,700 mentions.

As the news feeds identified this was not the first time that United Airlines have been impacted. A similar event on June 20, 2007, when a computer failure grounded hundreds of United flights for at least two hours across the country.  I believe this failure impacted the systems that recorded a plane's weight, balance and fuel.  

Now the news was not all bad for United Airlines as they appeared to have developed some contingency measures following the 2007 event and I am certain that a combination of appropriate IT planning and the excellent work of staff assisted. 

Now in terms of best practice, the COBIT framework from ISACA provides excellent guidance for the management of critical technology component in an environment where business in totally dependent.  The COBIT framework provides a control objective for  IT  continuity which is titled - DS4  - Ensure Continuous Service.  As with all other COBIT control objective detailed guidance includes; a list of goals, metrics and a RACI chart (responsible, accountable, consulted and informed) identifying who is responsible for what.  COBIT also provides a maturity model to rate an organization's business continuity plans and progress and further identifies the key activities required for example;

  • Develop a framework that creates consistent processes for IT continuity.
  • Develop IT continuity plans based on the framework that are designed to reduce the impact of a major disruption of key business functions (see additional information below).
  • Focus attention on the critical IT resources, and establish priorities in recovery situations.
  • Ensure that the plan is kept up to date and reflects actual business requirements.
  • Test the IT continuity plan on a regular basis to make sure that IT systems can be effectively recovered, shortcomings are addressed promptly and the plan remains relevant.
  • Provide regular training on the IT continuity plan.
  • Plan the actions that need to be taken while IT is recovering and resuming services--activation of backup sites, customer and stakeholder communication, and resumption procedures. Make sure the business understands IT recovery times.
  • Store off site all critical backup media, documentation and other resources necessary for IT recovery and business continuity plans.
  • Establish procedures for conducting post-resumption reviews.

The IT continuity plan must be aligned with the business continuity plan to ensure that:

  • Risks are appropriately identified and evaluated by focusing on impact on business processes for known and potential risks
  • The costs of implementing and managing continuity assurance are less than the expected losses and within management's risk tolerance
  • The business priorities are addressed (critical applications, interim processes, restoration activities and mandated deadlines)
  • Manual interfaces to automated processes are identified, personnel are trained, and practice drills are conducted
  • Expectations are managed with realistic goals

Now in the case of United Airlines and any business that is dependent upon technology, it is critical that appropriate consideration is given to the delivery of continuous service and what are the appropriate steps and value in managing the risk of it not being delivered.  This is driven from the business and IT is the vehicle to execute.

Now it's off to the airport and a flight to Chicago!

Share this post:  
Tags: , , , , , ,
Leave a comment

 

By: Robert Stroud
Robert Stroud serves as VP and as Service Management, Cloud Computing and Governance Evangelist at CA Technologies. Robert also serves as an International vice president of ISACA, is part of the Framework committee and was the former chair of the COBIT Steering Committee. Robert also serves on the itSMF...
Read More..

1 person has left a comment:

I recently blogged using the airline industry as an example of the dependence of IT and within hours

Posted by: CA on Service Management | July 24, 2009 2:27 PM

Leave a Comment

* An asterisk indicates a required field

* :  

:

* :  

 Submit