IT Resilience Consulting

Our increasing dependence on IT services requires organisations to better understand:

  • The recoverability of the critical applications and the data they use – whether the applications are on premises, or in the cloud.

  • The content and warranties supplied in the agreements written with service providers.

  • The resilience of your providers and how they will treat your organisation if they suffer a disruption.

We help Australian organisations address the issues above and to develop IT Disaster Recovery Plans that are practical and meet the recoverability needs of the business.

A Typical Engagement

We work through a structured program that covers every stage of improving your IT resilience.

Assessing your capability

We audit your capability across people, process, technology and Third Party suppliers. In the context of the recoverability needs of your organisation, we identify recovery gaps and priorities.

IT DR Documentation review

We review your documentation and focus on:

  • Is it complete and does it cover all of your critical application systems and infrastructure?

  • Is it appropriate and will it support your IT staff during a disruption? Are the Technical Recovery Procedures complet?

  • The documentation required to recover cloud based applications. Does it address everything you need to know if your primary SaaS providers suffers an outage?

  • The integration of your Incident Management Plan with your IT DR Plan.

  • The testing schedule.

IT DR Testing and Training

Plans are only useful if they are tested during an exercise that involves the people responsible for the recovery when the disaster strikes.

The starting point for the development of the exercise is the Initiation phase where the scope, participants, schedule and scenario are discussed. These details are then confirmed in an Exercise Brief that documents the work to be undertaken by our consultants and what we require from your IT organisation.

We develop the scenario (which is not disclosed in advance to the exercise participants), all of the materials required for the exercise including training materials, checklists to be used during the exercise and participant feedback forms. The exercises typically run over a three hour period and involve your Senior IT Team and members of the impacted team.

After  the completion of the exercise, we document the outcomes, lessons learnt and present our recommendations for improvements.

APRA-regulated entities

If your organisation is regulated by APRA (including ADIs, general insurers, superannuation funds, and life insurers) CPS 230 (Operational Risk Management) sets specific requirements for IT DR planning  third-party risk management.

We have considerable experience helping regulated entities meet these obligations, from initial gap assessment through to full CPS 230 compliance.

Learn more about CPS 230 →

What our customers say

“Following the risk assessment done by Continuity Matters, we decided to move our facilities which were located in a low lying, flood risk area to a location higher up. Very grateful for the sage advice received from Continuity Matters.”

International manufacturing organisation.

Does your IT keep you up at night? Not sure how resilient the services are that you are being supplied with?

contact us for an IT assesment
We offer business continuity consulting services to help your business develop a robust business continuity plan.