Monday, August 8, 2011

Business Continuity Planning

Every business has thought about Disaster Recovery and Business Continuity Planning.  But are they prepared?  Verizon is currently facing a disruption in service due to the strike called by its union-represented workers.

Having worked for "Ma Bell" and her successors, I have been through this cycle every 3 years since 1975.  I have seen the planning as an observer and as the IT Project Lead for BCP in 2006.  

It is imperative that enterprise risks of this magnitude be identified and comprehensive plans be documented and tested before they are needed. 

Access Control is the single most time-consuming task I faced. These are controls that SOX and PCI auditors may need to review.

  1. How many different applications are in scope?  What are the roles for users?
  2. How will the business block striking workers' unauthorized access to company and customer data?  Deleting user accounts is not a viable solution.
  3. Can the company effectively block striking users while still providing access to the pay- and benefits-related sites that must not be blocked?
  4. How will accounts be created for any temporary assignments, especially for management workers who need enhanced access?  
  5. Managers of striking workers may need extra permissions while providing coverage, but do they create Segregation of Duties conflicts?
  6. How do temp workers get trained in anticipation of the strike?  Providing access to temps is a challenge, especially in the weeks just prior to a potential work stoppage.

This is just a sampling of the challenges facing any IT Business Continuity planner.  The list is extensive and, in many cases, not apparent to the casual observer.  IT will be called upon to perform its magic as each department documents its plan for continuity.  A good team effort will avoid any last-minute scrambling.  The customers are better served when IT is engaged all along the way.
