When lone gunman Man Haron Monis entered the Lindt cafe holding a sawn off pump action shotgun in 2014, Sydney's Martin Place, the 'civic heart' of the city, was plunged into a state of chaos and fear.
It didn't take long for news to reach the Reserve Bank of Australia (RBA), situated just metres away. The risk of a bomb or stray bullets felt very real. But the centrepiece of Australia's economy couldn't simply shut down and duck for cover. If there was ever a true test of the resilience CIO Sarv Girn had built into the central bank's IT systems, this was it.
"For some, a focus on operational maturity and resilience may seem boring, basic and business as usual," he told the audience at the Gartner Symposium on the Gold Coast yesterday.
"Operational resilience didn't seem so boring that day."
Resilience is one of three imperatives - along with delivering business change and transformation and innovation - that Girn and his team at the RBA abide by. Imperatives which are driving them towards "being one of the leading IT teams in the central banking community".
This resilience, he said, is vital and not to be left to "last minute attention".
It is actively tested, the former Westpac Banking Group CTO explained, with a twice yearly exercise during which RBA is run out of its second datacentre in the Sydney suburbs. This secondary datacentre sits on the ground floor of the bank's Business Resumption Site (BRS) in Bella Vista. There is also a quarterly rotation of systems across the dual sites and the processing of critical systems can be switched between the two.
"This proved its worth during the Lindt Café Siege which took place a few metres from the Bank's building," Girn explained. "Within minutes of the incident we switched our platforms to operate out of our second datacentre. The next day the bank's business operations all took place out of the second site whilst Martin Place was cordoned off to the public."
With critical operations switched to the BRS, there was a virtually unbroken service of 'real time' interbank settlement, market operations and banking.
"This operational maturity doesn't happen overnight," Girn said, "and like a sportsperson, who has to build up speed and endurance through many years of training and strength work, the CIO must lay this groundwork to be match-fit."
That groundwork begins with a clear "understanding [of] the organisation's risk appetite statement", Girn said, which in the bank's case was "appropriate to the platforms we provide to support the economy".
What is measured is managed
Girn's team put a lot of weight on metrics, he said. They follow the adage that what is measured is managed. Metrics help them to "measure risk, progress and make appropriate business decisions".
Sign up for CIO Asia eNewsletters.