When the risk manager of RBS arrived at work, he couldn’t have known that at 3pm, he would be plunged into the worst nightmare of his career. When a system’s upgrade went wrong, staff tried to return to the original system, which failed. He had a backup, of course, but his code was not escrowed for disaster recovery (DR).
So, instead of one hour, the recovery took a week. Over 6.5 million clients were frozen out of their accounts. ATMs were rendered useless. Transfers and digital banking were blocked. Thousands of companies were unable to make their payrolls. Not to mention consumer confidence, the bank’s reputation and its bottom line that suffered a major blow.
And it got worse.
Regulators found that the bank had failed to maintain its business-critical software and fined them an eye-popping GBP56 million. That’s the fine imposed by the UK’s Financial Conduct Authority after it found that risk management and control failings were to blame for a 2012 banking failure, despite it being sparked by corrupt CA-7 software code.
South African businesses and IT risk
In our technology-geared business environment, companies are largely dependent on third-party software applications for the delivery of their mission-critical business functions.
Good governance and business resilience imperatives require the implementation of risk mitigation measures that address the pervasive deployment of IT.
Source code escrow for business continuity
Gartner refers to the practice of source code escrow as “a smart and effective component of a business continuity strategy that software licensees can use to protect their mission-critical applications..."
The primary question that South African directors and officers need to consider with regard to technology operational risk is: “What are our annual revenues that are dependent on technology platforms that we do not own?”
For a leading South African insurer, this amounts to R2.5 billion, and this provides the imperative for using active software escrow to underwrite the risk.
So, how can software escrow help SA business’s risk management?
Software escrow is the deposit, the verification and the vaulting of the developer version of your business software. It is done by a neutral, independent escrow provider. Should your systems fail, a software escrow means you have access to a technically sound backup of your software. And, it is designed for DR.
For the risk manager, it is the much-needed life vest under the seat of the falling airplane!
Share