1 minute read
INFORMATION TECHNOLOGY: TODAY’S RISK FRONTIER FOR BUSINESS
In April last year, the TSB Bank began a long-planned transfer of customer data from its former IT platform, which sat with its former owner Lloyds, to a new one designed by the Spanish bank Sabadell, which bought the TSB in 2013.
The bank warned customers that some services might be temporarily unavailable, but what transpired was an information technology fiasco.
Some customers couldn’t log into their accounts or worse — could see the bank accounts of others. Other accounts were showing incorrect balances.
Such a monumental failure in technology cost the bank its reputation and led to the unceremonious dumping of its Chief Executive. The bank haemorrhaged customers and, according to reports, cost TSB and Sabadell around £200 million.
Could such a crisis have been anticipated or mitigated? It should certainly have been anticipated but could only have been mitigated with proper planning, according to Simon Hearne, Cyber and Systems Engineer at TechOp, a Cheltenham-based IT managed services provider.
He said: “It is unwise to assume that things won’t go wrong in migrations of this magnitude. Taking into consideration all possible outcomes by undertaking what we call pre-mortem exercises would have enabled detailed planning and anticipation of off-plan scenarios. By doing this you can ensure there is a clear technical and communication plan for all outcomes.”
While it is complex to estimate or measure the impact of operational failure or reputation damage, he added, it is best to accept it as a possibility and have all relevant parties at the ready to handle it.
“With all aspects of operational resilience project management, you should anticipate, prepare for, respond and then adapt. Business often applies this methodology to reactive scenarios when in fact often it is proactive projects that need more of this attention.”
As with all operational changes you should plan carefully, avoiding unrealistic timescales, cutting corners and ignoring lessons previously learned.
A clearly defined project plan that identifies all the risks ensures there are clear guidelines and responsibilities to mitigate them. A useful exercise is to have pilot migrations to hone the operations needed to ensure a smooth transition.
“There is no substitute for testing before deployment, and no substitute for detailed planning,” added Simon.
