Your Continuity Plan Starts With an Email You Won't Be Able to Send

Most continuity plans are written on a quiet assumption: that the tools used to execute the plan will survive the very event the plan exists for. That assumption is usually wrong.

For most of my career, regulation in financial services has been about keeping data safe — confidentiality, integrity, the long list of controls that stop the wrong people seeing the wrong things. That problem has not gone away. But the question I now hear most often from regulators, boards and clients is a different one. Not “is your data protected?” but “can you keep operating when the things you depend on are gone?”

It helps to make that abstract question concrete. Picture the single most important email you would ever have to send: the one that goes out in the first hour of a serious incident, to your clients, your regulator and your own people, explaining what has happened and what you are doing about it. Now notice the uncomfortable detail. The system you would write and send that email from is, more often than not, part of the very estate that is down.

That is the flaw hiding inside most continuity plans. The runbook lives in the wiki that is offline. The call tree sits in the identity provider that is the reason nobody can log in. The “break glass” procedure depends on the same single sign-on that just broke. We rehearse recovering the systems and forget that the act of coordinating that recovery has dependencies of its own.

Real operational resilience starts by hunting down those assumptions and removing them one at a time. Where is the independent channel that does not share fate with production? Who can authorise an external communication when the usual approvers are locked out? How do you reach your clients at all if email itself is the casualty? None of this is exotic technology. It is the discipline of imagining the worst possible moment in detail, and then asking what, specifically, you would reach for — and whether it would still be there.

The firms that handle a crisis well are rarely the ones with the thickest binder. They are the ones who have actually tried to send that email with the lights off — in a rehearsal, on a quiet afternoon, before it counted. Continuity is not a document you file with the regulator. It starts with the uncomfortable test of whether you could raise the alarm at all.

Your Continuity Plan Starts With an Email You Won't Be Able to Send

The Cloud Summit That Forgot to Mention the Cloud

Vibe Coding in a Regulated Business