Customer focus
For Jane, business continuity management today straddles the worlds of business consumer and technology provider. “However, it is apparent these worlds often have disengaged priorities, which can lead to misunderstanding, confusion and conflict, especially when a service disruption occurs,” he claims.
The problem is the IT applications and data important to the business are not always regarded as priorities by the IT service provider. This was the case with email 10 years ago, and the incongruence seems to have moved to social media and mobile apps.
“As technology platforms become more virtual, a single IT system as perceived by the end user may in reality be a union of multiple remote applications and interconnected data feeds,” Jane says. “They all need to work in harmony to deliver the satisfactory experience the end user demands. Disrupt any one component in this complex network, and the user experience suffers.”
In the case of customer service businesses, the consequences can be significant.
The City of Ryde Council is one such business. It manages $2.5 billion of land and infrastructure on behalf of its local community, and spends almost $100 million a year on services for local citizens and businesses.
As well as managing information for the enterprise, making it accessible to the local community is key. It’s also a major driver of its risk management approach. Recognising that risks are inherent in every business decision and managing those risks is critical to ensuring a robust and sustainable business, the City of Ryde recently undertook an IT disaster recovery review, driven by acting general manager, Roy Newsome.
Its CIO, Mei Ling Chu, says IT risk really equals enterprise risk. “We started by undertaking a risk assessment review to develop an understanding of enterprise risk from the information standpoint,” she says.
The exercise proved so useful the team now revisits the enterprise risk register at least once annually, and works closely with the risk management unit to develop strategies to mitigate any newly identified risk exposure.
“We also audited our IT security environment and identified a gap in our disaster recovery scenario related to the provision of services to our community,” Chu says. “We needed to think about our citizens, their information needs and what services we provide to make that information available, as well as what tolerances there are in the community to services not being available.”
In terms of information management, Ryde took an approach uncommon in the local government industry – namely managing from the data level upwards, Chu says. “One of our goals was to improve data access by defining ownership of customer and asset data, because we recognise this is fundamental to better managing data quality and access,” she says.
“Our customers want to be able to access information more responsively and we want to give it to them. By improving the quality and accessibility of data, when our system is more mature, an officer will know right away if the requested information is sensitive and allow it to be made publicly available straight away if appropriate.”
Another initiative involves moving the data centre to offsite premises, which Chu says should allow Ryde to leverage industry best practice. “It could also reduce the risk of data outages, while ensuring information is kept within a facility where it is properly protected.”
[xhead] Taking stock According to Chu, a crucial part of Ryde’s IT security approach was discovering exactly what was on hand.
“There were around 2,000 applications running in the organisation, including apps that staff had downloaded and expected IT to manage,” she says. “It wasn’t a sustainable model, so we went through a process of consolidating, standardising and simplifying our systems.
“We also had lots of systems and hardware aged up to seven years old. The recent WAN upgrade and SOE projects have addressed the legacy infrastructure to enable more flexible service provision with new technologies such as cloud.”
Injecting new expertise, and internal consulting skills in particular, has also made the business model sustainable. This now paves the way for proactive engagement with business and empowering line managers to make informed decisions about whether new technology is appropriate.
“IT doesn’t know everything, and key players in our business need to be able to learn from others’ experiences and identify opportunities presented by new technologies, but also make the business aware of the risks that might benefit council or what risks new technology may impose,” Chu says.
At the same time, she says City of Ryde Council needs to align technology purchases with the direction of the business to ensure any new initiatives are adequately resourced and meet future needs.
“Even though cloud leverages vendor infrastructure, for example, it still needs to be managed from a service or contract level, and that needs to be built into our resource planning, otherwise we will find ourselves fighting fires again,” she adds.
Decisions to embrace any cloud-based systems need to explore the additional risk which comes with the change, Chu continues. These include the complexities around how these systems interface with other systems such as HR, the maturity of the product on offer, and its price.
“Like most councils we have to manage our resources extremely carefully, so for us timing is everything,” she says.
All of the risk management activities undertaken over the past two years support Ryde’s e-Business plan to make more services and more transactions available online. “Everything we do is intended to make the lives of our customers better, and this will be a big step forward,” Chu says.
Janes agrees this makes good business sense. “The expectations from the business and customers are also changing as users become accustomed to remote access and constant availability.
“When these IT services are disrupted, as they inevitably will be, the end users’ tolerance of loss of service is becoming even less forgiving than. Proactively managing any perceived risk, no matter how unlikely, will ultimately benefit the business bottom line.”
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.