Wednesday, September 02, 2009

Role of the CIO in Business Continuity, Disaster Recovery

Ralph DeFrangesco at ITBusinessEdge posted the following discussion question in their forums recently.
Corporations often confuse business continuity and disaster recovery. They also tend to put the CIO in charge of both. Should the CIO be the point person for both BC and DR? If so, why? If not, why, and who should it be?
It resulted in an interesting debate on the role of the CIO, so I reposted it on LinkedIn so the members of our Computer Room Design Group could weigh in. Here are some of the insights they had to share...

Ken Cameron, IT Infrastructure & Outsourcing Executive:
The CIO should own Disaster Recovery. The business side (someone in Risk Management, Corporate Security, etc.) should own Business Continuity. The IT group should be represented on the Business Continuity council. IT plays a major role in Business Continuity, but does NOT own it.

IF the CIO gets Business Continuity, it needs to be made clear that his BCP responsibility is NOT part of his IT responsibility.

Christopher Furey, Managing Partner at Imaginamics:
This is one of those issues where it's a bit like asking the fox to watch the hen house. Only very small or inexperienced management teams put IT in charge of BC. The scope of the risk analysis is usually way beyond the skills of an IT Director or CIO, and even when it's not, business risk oversight is critical.

Ken is spot on. The CIO must be in charge of DR and IT Systems Continuity but not BC. Any CIO who wants to keep their job will work in tandem with Risk Management and key stakeholders on the business side to ensure critical business functions and the systems that support them are well considered.

BC is in the realm of Ops and is best handled with strong leadership (or at least advocacy) from the CFO, COO or GM - or the partners and owners in smaller firms. Management inadequately funds and supports BC unless it understands the risk and process in total beyond simply recovering IT systems or data.

Though it's often mentioned in the same breath with DR, BC is not an IT role, but ensuring the operational assurance of the key IT systems is.

K.M. Sreekumar, Consultant & Project engineer at Schnabel DC Consultants India Pvt Ltd:
IT is only an enabler to the business and business continuity; though very critical, it is not the business. Business overall is and should be the responsibility of the CEO, so we are back to square one: the CIO and CTO will only aid the BC plan and be fully responsible for the IT and technology part. For example, the CIO should not be responsible for even analysing the business impact of an IT blackout. Secondly, threats to the business vary in nature, like pandemics, supplier lockouts and financial instability, and very few are of an IT nature.

Another perspective would be to treat IT as a business and have the CIO be responsible for business continuity of IT. Similar to what Christopher Furey wrote.

What are your thoughts on the role of the CIO and IT in relation to business continuity? Please share your experience by posting a comment here, or by continuing the discussion in the Computer Room Design Group on LinkedIn.