Delivery Services Provider
Our client is an international shipping and courier service delivering to customers across the UK, Europe and the rest of the world. The fulfilment arm provides a fully integrated warehousing and distribution service. The company aims to give customers the best possible delivery experience and needs to ensure it can maintain that commitment.
The UK business is managed as an independent entity with separate IT and is one of the most successful business units of the organisation. Experience has built up a reliable infrastructure to meet customer expectations. The UK business has a significant percentage of the market, delivering up to two million parcels a day at key times.
The client was comfortable with its IT disaster recovery planning arrangements; the technical and security specialists felt they had what was needed and the systems had proved to be reliable over a long time. However, senior management wanted to reassure themselves that it would work as anticipated with no gaps. Management wanted to ensure the risks associated with a gradual transition from on premise to cloud hosted arrangements were understood and preparedness was as good now as it had been in the past.
Documents were already in place to guide response and recovery activity, although it was recognised that there was room for improvement. The question was asked whether there was a dependence on individuals and what would be the impact on efficiency should they be unavailable at the time of an incident? With time critical services, there are only brief windows of time in which they can be re-established. The project’s focus was to look at technical arrangements, DR, resilience and response to technical failure whatever the cause.
Teed’s experienced facilitator met with relevant parties and reviewed existing documentation, providing thoughts on areas for improvement. To tease out the inconsistencies, a tabletop exercise was designed and facilitated to challenge the UK business’s response and recovery capability. The objectives were to challenge the response capabilities and recovery strategies to ensure relevancy, and ensure individuals were aware of their responsibilities including understanding the required steps to restoring capability.
A combined Review & Exercise Outcome Report detailed the findings of the exercise noting improvements and actions defined to build upon DR and resilience taking account of changes in technology. The approach of a structured process to gathering information worked from the outset, with an awareness session to explain the project so everyone was able to contribute effectively at each stage.
Teed’s input helped the client identify areas for improvement. For example, a dependence on a key external party was identified with a straightforward remedy swiftly enacted. The project also showed that there was a need to document additional procedures should cloud services be impacted by an incident. The recovery process fell within the remit of the cloud service provider, but needed to be linked in with the client’s own response and business continuity processes.
Acknowledging that resilient cloud services can still be disrupted by unexpected events allows the client to manage business continuity during the period of disruption, based on realistic impacts, recovery time objectives (RTOs) and recovery point objectives (RPOs).
The client benefitted from Teed’s independent assurance that they are well prepared subject to taking forward recommended actions to further enhance, test, and maintain their response and recovery capabilities. The business now knows what it needs to do to ensure confidence in the process when disruptions occur. There is nothing worse than being in a position where an incident management team is wary of invoking DR because of uncertainty whether it will work as anticipated.
Other providers in the delivery industry have experienced cyber security incidents which have taken down logistics and services for extended periods causing significant upheaval, dissatisfied customers and a loss of market share. A renewed focus on IT resilience, DR and resilience using Teed’s experienced consultants can make all the difference in ensuring readiness to manage future incidents.