Resilient by design | Deloitte UK has been saved
Recent, high-profile network outages have shown how the convergence of people, processes and systems, accelerated by the introduction of new technologies, has created the potential for systemic failures to proliferate across the telecommunications eco-system, impacting multiple communications providers (CPs) at the same time.
Against this backdrop of increased risk and uncertainty, CPs should ask: are our existing approaches to resilience sufficient to meet customer and stakeholder expectations for service delivery.
We outline four areas that heads of resilience and executive team members may find helpful to consider within the context of their own CP’s approach to resilience.
1. Align risk management processes, external suppliers and other parties to help identify and manage emerging issues
CPs may outsource operational aspects of service delivery, relying on external facilities and procuring network services from other suppliers. However, they can’t outsource the risks associated with these. CPs need to understand, and where possible mitigate, the concentration risks from increased reliance on shared infrastructure services and common suppliers. This may mean:
2. Invest in diverse resilience solutions, but accept that disruptions will still happen
Although it is preferential for CPs to invest in measures to reduce the possibility of a disruption occurring, it is equally important to recognise that some disruptions will still happen. As such, it may be helpful for CPs to build a layered approach to resilience, catering for disruptions of different type and severity. This could include:
3. Build resilience and crisis management capabilities, especially at the Board level
Increased governmental and regulatory focus in the telecommunications sector and other industries is placing more emphasis on senior management and Boards to demonstrate commitment to, and accountability for, resilience. Board members may not be experts in operational resilience, but it is important they have the knowledge to ask the right questions and to make informed decisions at critical junctures. Board level involvement can be improved by:
4. Focus on operational enhancements to future-proof resilience
Customers may acquire services from separate CPs believing these to be independent, but may not be aware that CPs may share infrastructure or rely on the same third party to deliver the service. It can come as a surprise, then, if a leased line or shared infrastructure fail and the customer loses multiple services simultaneously. To reduce single points of failure in the service and optimise the customer experience, CPs need to focus on future-proofing resilience. This could include:
Switching from reactive to proactive operational processes.
This means that CPs need to be proactive when it comes to managing faults and service degradation, for example by:
Identifying opportunities to exchange information with other CPs
There are multiple sector-wide fora and protocols such as NEAT, TIDIE, and ResilienceDirect® that provide opportunities for CPs to exchange information proactively about the resilience of the wider network. Where possible, CPs might also consider participating in sector-wide exercises to identify hidden assumptions, network pinch points, and improve joint response capabilities.
Learning from past mistakes
CPs should treat past disruptions as an opportunity to enhance operational arrangements, inviting independent analysis where appropriate and routinely performing post-incident reviews to identify lessons learned and improvements.
The UK government’s Electronic Communications Resilience and Response Group recently issued updated infrastructure resilience guidelines reflecting an increased interest in the resilience of the UK’s Critical National Infrastructure and the communications providers operating within an evolving and hyper-connected eco-system.
The guidelines helpfully expand the discussion around what resilience is and distinguish it from traditional business continuity by advocating a more comprehensive framework for managing a broad range of disruptive risks. They also provide detail on how CPs can build operational resilience within their own organisations and the wider sector, including helpful technical and operational guidance and the standards required to achieve this.
Neil is a Partner in Deloitte’s Reputation, Crisis & Resilience team, part of the Firm’s wider Risk Advisory practice. He is an Operational Resilience specialist with in-depth knowledge and experience across a wide range of risk, resilience and readiness activities. He has over ten years’ experience helping clients plan for and respond to high impact events and changes.