According to Amit Sarkar, computing senior lecturer at Canterbury’s Ara Institute few organisations have an adequately documented information systems resilience plan, which would greatly increase the business’ chances of surviving an earthquake.
Sarkar interviewed the top decision makers at 30 organisations that survived the Christchurch earthquakes for a paper Governing Information Systems Resilience: A Case Study, co-authored by Stephen Wingreen from the University of Canterbury and John Ascroft from Jade Software.
The paper has been voted best research paper by the jury at the European, Mediterranean and Middle Eastern Conference on Information Systems (EMCIS).
Sarkar found that Information Systems (IS) resilience was a major factor in their continued operation and successful recovery, for organisations both large and small, public and private, but was rarely documented.
Successful organisations, he said, had an IS resilience plan and, most importantly, they had practised it, challenged it and embedded it into the organisation.
“Good process means you are taking it seriously and practising it, trying to find the loopholes and debating, learning from the drills what went wrong and how to improve, so that when the real thing comes you are super ready.
“That cannot happen from reading the plan on the day. The plan goes out the window when the disaster strikes, so this is significant.”
Sarkar said diversity and complementarity within the company were important to testing resilience plans for many eventualities and for practising problem solving. “When a range of thinking styles was employed, IS resilience plans were more thoroughly tested. IS resilience is as much about people as it is about technology.”
He added: “All the companies that survived put people in the centre. There is a huge emotional toll that happens and every single organisation in the study, including Ara, took care of the people, by making sure salaries are paid, checking on employees and so on. It’s a symbiotic relationship. If you look after your employees, they will look after your technology and processes.”
He added: “Not only do organisations need to be resilient themselves, but they have to choose partners carefully to ensure they are also resilient. Having robust systems would be pointless if the supply chain collapsed because other organisations were not prepared. This also applied to overseas partners.”