CHASE ONLINE OUTAGE
Chase Bank, one of the largest financial institutions in the U.S. is experiencing “technical difficulties” with its online presence – Chase.com.
This article is about how Chase online IT processes did not align with their business processes and how ITIL the Information Technology Information Library a set of best practices could have help them.
It was surprising to read about such a large company unprepared for such an event. One of the main processes of the ITIL Lifecycle is IT Service Continuity. IT Service Continuity is where the IT infrastructure and the IT service of any business would plan for an unplanned outage where customer services would be negatively impacted. While it is not practical to assume that any such event would never occur, it is a matter of practicality where a company, such as Chase Bank, would have performed a risk assessment to determine where any or all vulnerabilities with their framework existed. Part of the risk assessment should have included how to address these vulnerabilities to the point where they would not be a critical flaw that had the possibility of bringing their website down for nearly 36 hours. For being the 2nd largest bank in the world with 16.5 million online users this is unacceptable.
Another part of ITIL IT Service Continuity would be Business Continuity Management. This should have been where Chase should have had procedures in place to effectively deal with their business processes in the event of a disaster. Chase Bank has not revealed the nature of the event that has caused their website to be unavailable, and perhaps it was out of their control. However, being such a large financial firm, it should have been part of the scope of the Service Design of Chase’s Service Catalogue to have reliability in their product to recover or be resilient preventing such an issue. Availability of a core component of Chase’s Service Catalogue such have been a high priority of the IT management at Chase. The fact that this was overlooked, or underestimated, is an unfortunate turn of events for a company with the name recognition that Chase has.
It is not known if Chase Bank does have ITIL procedures in place, or if they have their own system which is being utilized. Perhaps this situation is a perfect example of how important it is for a company, such as Chase, to adopt ITIL for their IT processes. If Chase had followed the ITIL framework, they would have been adequately prepared in the event of such “technical difficulties” that Chase would have had an immediate recovery system already in place to cut-over and replace the equipment that is not functional. Also, Chase would have had the Business Impact Analysis completed where it would have shown how such a loss of a critical IT service would have on the business portion of the company. Chase has not announced if there has been any loss of data or if any customer information has been compromised during this event, but if ITIL had been adopted at Chase – they also would have the Information Security Management in place that would have also verified that the data would be kept confidential, the data integrity would be ensured, and the availability of the data would be maintained. It is assumed that Chase has Crisis Management and Emergency Response teams working to resolve this issue. However, if Chase had already implemented ITIL best practices in their organization such an event like this one may have been prevented.