How to prepare for a major IT failure

23/01/26 Wavenet
IT failure

When a major IT failure strikes, organisations don’t get a second chance to prepare. Decisions must be made quickly, and IT information needs to be trusted, accurate, and accessible. This is where business continuity (BC) software can play a crucial role in strengthening IT service continuity (ITSC). In this article we consider what you can do to prepare in advance of an IT failure occurring and then look at how BC software can help.

Defining IT service continuity

It’s helpful to clarify some key terms:

“IT critical incident”
The highest severity level of IT incident. This typically requires the recovery of multiple IT systems and is managed by the core IT management team rather than a single Incident Manager. A priority 1 or IT major incident might escalate to be an IT critical incident.

“IT Service Continuity” (“ITSC”)
An umbrella term covering the preparation for, prevention of, and response to IT critical incidents, this encompasses concepts which may be more familiar, such as “IT resilience” and “IT disaster recovery”.

“ITSC owner”
The person in the organisation who is responsible for understanding, documenting and recording ITSC requirements. This may be the Head of IT (or another person in the IT business function), or possibly the Operational Resilience Manager / Business Continuity Manager. If there is no person assigned this responsibility during business-as-usual at your organisation, identify who would have this responsibility during an IT critical incident.

Business-as-usual (BAU)
Day to day operations, outside of a major critical incident.

The growing complexity of IT service continuity

Regardless of whether they use dedicated business continuity software or not, organisations tend to have varying levels of understanding of their IT service continuity requirements. At the most basic level, this may be no more than a list of the five to ten key IT systems that require priority recovery during an IT critical incident. As organisations grow, so too does the number of systems, interdependencies, and the overall complexity of recovery requirements.

One of the biggest challenges for ITSC owners is the difficulty of obtaining, validating, and maintaining this information. Stakeholders across the business have competing priorities, and ITSC owners themselves may be focused on more immediate operational demands. Crucially, when an IT critical incident occurs, there is no opportunity to catch up on this foundational work. If ITSC requirements have not been thoroughly understood and documented during BAU, the resulting gaps can lead to inefficient incident management and significantly higher impacts on the business.

Why BAU preparation matters during an IT critical incident

During an IT critical incident, there is no opportunity to undertake these principal steps effectively:

  • Perform a business impact analysis (BIA).
  • Reassess the true criticality of IT systems.
  • Define or validate recovery time objectives (RTOs) and recovery point objectives (RPOs).
  • Identify or confirm business and system dependencies.

During an incident, the ITSC owner must rely entirely on what has already been recorded, regardless of how complete or accurate it is. This information will quickly be scrutinised by senior stakeholders, including executive leadership, making clarity and confidence essential.

Are you prepared for an IT incident?

Here are the key things you need to ask, to sense check your ability to manage a major IT failure:

  • Are BIAs conducted to determine business recovery requirements, including IT?
  • Are RTOs and RPOs based on recent and reliable BIAs?
  • Are IT dependencies clearly mapped and understood?
  • Is the priority order for IT recovery well defined and agreed?
  • Is this information up to date?
  • Are you able to quickly and easily access this information?

If you can answer all of these questions with a “yes”, that’s great. You’ve done the fundamental groundwork that will pay dividends when you’re faced with an IT failure. If not, it’s important to invest the time to do the above steps and get prepared.

Keeping information up to date

One of the most frustrating scenarios we see as a business continuity provider is when an organisation has a solid plan mapped out but has not reviewed or updated it for some time. Organisations don’t stand still. So much happens within an organisation relating to the business, personnel, processes and technology, it’s unlikely old plans will be fully effective and they can even hinder a recovery situation.

Keeping information accessible

Do your key IT people know where your IT Service Continuity information is stored? Is it readily accessible to all those who would need it, whenever they are likely to need it (which could be, “out of hours”)? Is the information captured in BC software, or is it distributed across documents, often spreadsheets, that may be difficult to maintain and validate? If the latter, ITSC owners and stakeholders should consider whether the data can truly be trusted.

The hidden risks of spreadsheet-based ITSC data

Consider the following questions if your ITSC data is kept in spreadsheets or other documents, rather than BC software:

  • Are spreadsheet formulas functioning correctly?
  • Has all data been entered accurately, considering any known weaknesses in the spreadsheet design (e.g., fields easily overwritten)?
  • Are links and references current and understood?
  • Are macros up to date and documented?
  • Was the spreadsheet created by the current ITSC owner or by a predecessor no longer available to provide clarification?
  • How confident are users that they understand the spreadsheets and their limitations?
  • During an IT critical incident, how easy is it to extract ITSC requirements and communicate them clearly to key stakeholders?
  • How does this confidence change if the ITSC owner is unavailable and another individual must locate, interpret, and use the spreadsheets?

Given that there is little to no time during a critical incident to resolve issues like these, ITSC owners risk presenting inaccurate or untrusted data to recovery teams and executives.

The value of business continuity software for ITSC

Business continuity software makes it easier to record and update potentially complex information regarding IT dependencies, RTOs and RPOs. Dedicated BC software provides a stable, structured environment for maintaining ITSC data. Rather than relying on potentially fragile documents, information is held in a platform designed specifically to support continuity and recovery planning. It’s also easier to make relevant information available to everyone who needs it.

This delivers clear benefits during an IT critical incident, but the advantages also extend well into BAU operations.

Key benefits include:

Reduced administrative burden

BC software automates many tasks that are labour-intensive and error-prone in spreadsheets, freeing ITSC owners to focus on planning, strategy, and exercising.

Improved decision-making

IT teams gain better visibility of dependencies and priorities, supporting more informed responses to day-to-day incidents as well as major outages.

Easier data consolidation and reporting

BC software can consolidate and report on large amounts of data much faster than copying and pasting spreadsheets together. This can give organisations a faster and more accessible insight into how IT systems support critical services, helping to guide smarter, more targeted investment.

Building more resilient IT services

Ultimately, IT service continuity depends on preparation. When requirements are clearly understood, regularly maintained, and stored in a trusted system, organisations are far better equipped to respond effectively under pressure.

By using dedicated business continuity software to manage ITSC requirements, organisations strengthen both their BAU capabilities and their ability to manage IT critical incidents, creating a more resilient, confident, and responsive operation overall.

Note:

References to “Business continuity software / BC software” above reflect the author’s knowledge and use of Wavenet’s Shadow-Planner, and are not a statement of the capability and functionality of any other BC software products produced by other organisations.

About the Author:

David Davies MBCI

David-DaviesDavid has a highly focused skillset secured through over 25 years’ experience in IT service continuity and over 20 years’ experience in business continuity management.

David joined Wavenet from Barclaycard where he was a key member of the business continuity relationship management team, responsible for embedding IT service continuity across the organisation. He had previously held several other business continuity and IT service continuity positions for organisations including IBM Global Services.

David has become a highly respected consultant in the industry, initially with Jermyn Consulting and then with Wavenet. Over this time, he has delivered BCM and ITSC professional services to 100+ organisations.

He has delivered advice and solutions to organisations in the financial services, healthcare, housing, manufacturing, retail, technology, and transport sectors.

In 2019 David was named 'Continuity and Resilience Consultant of the Year' at the Business Continuity Institute's European Awards and was shortlisted in the 'Advisor of the Year' category at the CIR annual Business Continuity Awards.

Strengthen your IT resilience - speak to our continuity experts today.

Shadow-Planner - our BCM planning software Talk to us

business continuity, Blogs

Latest blogs

See all posts
penetration testing
Common vulnerabilities found in penetration testing - how to fix them

You lock your front door at night - but what about your digital one? Every website, app, and online service you use is like a house with its own set of locks. Some are sturdy and well‑maintained, while others have loose hinges, missing keys, or windows left wide open.

Read more
Placeholder thumbnail
What is cloud computing and how it benefits businesses

If you stream films on Netflix or check your email from anywhere in the world, you’re already using the cloud. But for large enterprises, cloud computing is far more than consumer convenience - it’s the foundation for operational agility, cost optimisation, and long‑term resilience. Today, the cloud underpins digital transformation across every industry. It removes the limits of traditional on‑premises infrastructure, replacing them with scalable, secure, and cost‑efficient services delivered over the internet. So, what is cloud computing really? Think of it like a global utility grid Just as organisations don’t generate their own electricity, they no longer need to build and maintain vast IT estates to power their operations. Instead, they plug into a global network of hyperscale data centres and pay only for the capacity they consume. This model transforms IT from a capital‑intensive function into an agile, consumption‑based platform that can grow or shrink instantly with business demand. Demystifying “the cloud”: what it actually is Despite the name, the cloud isn’t ethereal. It’s built from thousands of enterprise‑grade servers housed in heavily protected data centres around the world. These provide: Always‑on global availability Enterprise‑grade physical security Redundant power, cooling and connectivity High‑performance compute and storage resources Instead of storing your data on a single device or server, the cloud stores information across these resilient environments, enabling global access, multi-layer redundancy, and seamless continuity. Reducing enterprise IT costs without compromising capability Historically, enterprises spent heavily on hardware refresh cycles, data centre space, maintenance, and large support teams. Cloud computing removes these constraints. With a cloud operating model, organisations can: Shift from CapEx to OpEx Subscribe to the compute, storage and applications you need - instead of owning hardware. Avoid hardware lifecycle management Infrastructure is continuously refreshed by the cloud provider. Optimise usage Pay only for what you consume, with autoscaling to manage peaks and troughs. Reduce hidden overheads Power, cooling, physical security, patching and maintenance are no longer your responsibility. For large organisations with complex estates, this delivers predictable budgeting and measurable savings. Resilience and data protection: your always‑on safety net Enterprise outages can halt business operations. Traditional on‑premises infrastructure creates single points of failure. Cloud architecture removes this risk with: Built‑in geo‑redundancy Automated backups Multi‑site replication High availability by design If a device is lost, a server fails, or a site experiences disruption, your systems and data remain secure and accessible. This ensures continuity, protects reputation, and reduces recovery time dramatically. Scalability at enterprise scale: power for any demand Scalability is essential for large organisations with fluctuating workloads or global operations. Cloud platforms automatically scale to handle: Seasonal or event‑driven spikes Large-scale data processing Rapid user onboarding Global expansion Capacity expands the moment it’s needed - and scales back down afterwards - allowing enterprises to stay agile and cost‑efficient. Enabling hybrid work and seamless collaboration Enterprise teams are now spread across regions, countries and time zones. Cloud‑based collaboration tools eliminate version control issues and data silos. With cloud productivity solutions: Teams work from a single source of truth Multiple users can co-edit in real time Permissions and governance are centrally managed Hybrid workers get the same consistent experience This dramatically improves operational efficiency and supports a modern, flexible workforce. The cloud isn’t the future - it's the enterprise advantage today For large organisations, the cloud delivers: Lower infrastructure costs Stronger resilience and security Rapid scalability Higher productivity and collaboration Simpler hybrid working Freedom from legacy limitations It’s not a future trend - it’s the foundation of modern business.

Read more
Placeholder thumbnail
Seven CEO priorities to cut cyber risk in 2026

Cyber risk in 2026: a core business issue, not just an IT problem The Global Cybersecurity Outlook 2026 report by the World Economic Forum highlights seven priorities CEOs should own:

Read more
PSTN Switch-off
What is the PSTN Switch-off? UK network modernisation explained

The PSTN switch-off marks a significant shift in telecommunications. It's a move from traditional landlines to digital solutions. This transition is set to transform how organisations communicate.

Read more
Placeholder thumbnail
BCM software: what it is and why you need it in 2026

Business disruption is no longer an exception - it is an operational reality. Cyber-attacks, supply chain failures, extreme weather and system outages now pose ongoing risks for organisations of every size.

Read more
Placeholder thumbnail
Microsoft 365 Copilot: How UK businesses can unlock real value

AI isn’t a future concept anymore – it’s transforming the way we work today. For UK organisations, Microsoft 365 Copilot is already delivering results: saving time, improving productivity, and streamlining workflows. But simply switching it on won’t guarantee success. To unlock real value, you need a plan that balances innovation with security and governance.

Read more

Stay service-savvy

Get all the latest news and insights straight to your inbox.