IT disaster recovery

IT DR at PwC is an integral part of our wider BCM practice. Our team is made up of operational practitioners, drawn from a range of industries, to bring practical, hands-on experience to our engagements.

We break our proposition down into four basic themes:

Review

Typically we perform reviews either as a part of audit work or retrospectively in response to an incident. We also perform specialist reviews e.g. for FSA certification or outsourcer evaluation and selection. Whatever the reason behind the review, our work throws a spotlight onto the strengths and weaknesses of a client's IT DR capability. Our report will typically recommend specific and practical actions to address shortcomings together with a way forward to execute them.

Programme build and delivery

We design and execute a full range of IT DR programmes that can include: policy, process and procedure development, training, documentation and third party oversight. Some of these programmes may well be driven from an earlier review engagement. Our team of hands-on practitioners draws on its first hand experience in industry to develop and drive programmes that deliver success and business benefit to our clients. A sample IT DR document set arising from such a programme is shown below:

Programme build and delivery

Testing

We build and deliver realistic and challenging testing plans and exercises that validate solutions and invocation processes to provide confidence in the IT DR capability. However we recognise that jumping in at the deep end with a high maturity test is likely to lead to failure and result in a step backwards. Our increasing test maturity approach, aligned to BS25777 and ISO 22031, helps clients navigate this challenge while delivering meaningful tests. A typical test framework is illustrated below:

Testing

End to end mapping

We develop end to end dependency maps that identify problems such as single points of failure, concentration risk and IT DR gaps. The maps also inform other ITIL processes such as change management, incident management and release management. What this provides is a graphical view of the weaknesses and pinch points in the often invisible IT infrastructure that supports core business activities. This gives clients a clear view of where to "invest to protect". A sample deliverable is shown below:

End to end mapping