A Guide for the CIO: System Resilience vs. IT Resilience

For the CIO, system resilience is an important topic to understand, yet it is important not to confuse system resilience with IT resilience.

In this post, we’ll learn what system resilience is, how it differs from IT resilience, and why many CIOs are responsible for both.

A Guide for the CIO: System Resilience vs. IT Resilience 

In many organizations, the CIO is responsible for IT operations, and from an operational perspective, it is more useful to understand concepts such as system resilience.

System resilience, according to Donald Firesmith at Carnegie Mellon’s Software Engineering Institute:

• Refers to a system’s ability to protect its critical capabilities from disruption and “carry out its mission in the face of adversity”
• Goes beyond availability and reliability, to include resistance to and recovery from disruptions and adverse conditions
• Includes measures such as event detection, reaction, and recovery

In short, system resilience takes a systematic approach to building systems, such as IT systems, that are more resilient and robust in the face of disruption.

The model outlined by Firesmith is quite extensive and can serve as an excellent resource for any IT professional tasked with improving resilience in their own organization’s IT systems and processes.

For the CIO whose job revolves exclusively around IT operations and IT service management (ITSM), this model may be enough to suit their needs.

On the other hand, for a CIO also involved in business strategy, it will be important to expand the scope of their resilience strategy to incorporate IT as a whole.

IT Resilience vs. System Resilience

Many view the CIO as an operations manager, as mentioned – though, in actual fact, the first usage of the term “CIO” was to fulfill the need of a strategic IT professional.

Regardless of the history of the CIO, what matters most for CIOs is their current role. 

For CIOs whose job scope extends beyond IT systems management, their focus must not only be on system resilience, but also on IT resilience.

In other words, CIOs must also focus on building resilience into other aspects of IT, including:

People

Disruptive events, such as the COVID-19 crisis, can have a dramatic effect on the workforce and their ability to do their jobs. 

As we saw in 2020, for instance, employees around the world were forced to adopt a work-from-home (WFH) model. Employees with the right skills were able to keep up, perform better, and help organizations maintain operations.

Since employees play such an important role in the performance of everyday IT operations, as well as IT resilience, CIOs should develop specific strategies designed to bolster employee-related IT resilience.

Here are a few ways to do that:

• Build upskilling and reskilling programs that focus on cross-training employees
• Implement enterprise software that boosts self-reliance, such as self-service training software
• Restructure the workplace around digital workflows, processes, and technology
• Cultivate a culture that is open to learning and change

Workforce agility and skills, in short, go hand-in-hand with IT resilience, since IT performance depends so heavily on employees.

Processes

Building business process resilience can mean different things depending on the circumstances. 

For best results, it is important to take a top-down approach to building IT and organizational resilience, ideally by leveraging business tools and frameworks such as the one covered above. Those types of models can help CIOs implement an approach to resilience that is systematic and measurable – and, as a result, more effective.

When redesigning IT-related processes to improve efficiency, CIOs will implement approaches and tools such as:

• ITSM and IT governance frameworks, such as ITIL and COBIT
• Business process standardization
• Business continuity planning
• Risk management
• Agile and lean methods

Although these approaches can certainly improve IT resilience, CIOs and the C-suite should actually be rethinking the very structure of their organization. 

Today, for instance, business models and operating models are becoming data-driven, AI-driven, and technology-driven.

As a consequence, business leaders will need to reimagine the very foundations of their companies in order to survive and thrive in the post-COVID digital era – or, as McKinsey calls it, the next normal.

Tools

Digital tools are another key component of an IT resilience strategy.

The more adaptable, agile, and flexible the tool set, the more resilient the IT function will be.

Again, as we saw in 2020, the most resilient organizations were those that were cloud-enabled. On the other hand, companies that lacked remote working capabilities had to invent them, practically overnight.

The right IT infrastructure and toolbox, therefore, can make a significant difference in a company’s overall IT resilience.

To boost resilience:

• Adopt technologies that will enable remote working when necessary, such as remote working tools, cloud platforms, and remote employee training software
• Invest in cybersecurity platforms and partner with security firms to design business continuity plans, disaster recovery plans, and, ultimately, to minimize the possibility of cyber attacks
• Use data tools to gain insights into potential risk factors, both internal and external, and use those insights to inform decision-making

The right tools can make a significant impact on an organization’s ability to protect their core IT function, while also minimizing the impacts of disruptions to business processes, employee performance, the customer experience, and more.