fbpx

Why Ikara

Ikara helps customers:

Ikara supports customers in establishing and maintaining high-quality and secure IT operations. Assisting in linking performance and security standards to measurable and repeatable contract obligations, such as SLAs and KPIs, ensuring consistent performance. Through integration with data sources like Microsoft and Cisco, Ikara enables effective monitoring of third-party compliance. Moreover, our automated reporting and attestation features simplify the regulatory audit process, helping you meet requirements with confidence.

As cyber threats continue to evolve, the matter of third-party risk management has evolved to become a Board level governance issue impacting companies worldwide. In response, the IT industry is now seeking to add appropriate commercial levers into contract negotiations with suppliers, to reduce operational service quality and security compliance problems during the life of a contracted service period.

For example, the Australian Prudential Regulatory Authority (APRA) now requires any organisation operating with a financial licence in Australia, to implement the CPS230 (Operational risk management | APRA) standard, which legally obliges the customer to ensure that sufficient risk mitigation clauses exist in its operational contracts held with all third party service providers.

The risk of underperforming IT systems is material, as we can see from the legal action being undertaken by the Australian Securities and Investments Corporation (ASIC) against Westpac recently, for Westpac’s failure to monitor the performance of its IT platforms, resulting in substantial losses and damages to its customers. Westpac’s complex IT scrutinised in new court case – Finance – Software – iTnews

For all organisations today, a continued reliance on legacy availability monitoring of IT systems and suppliers, is a recognised business risk. Customers, service providers and governments worldwide are now moving towards enforceable monitoring at a contract level, to reduce exposure to IT operational risk. https://www.itnews.com.au/news/nab-wants-government-set-security-standards-for-cloud-providers-600246

In 2015, Ikara saw this industry transformation as an opportunity and embarked on an ambitious project to develop a platform which would solve these industry problems for customers, service providers and regulatory authorities worldwide.  Today, the Ikara platform counts some of Australia’s largest government and commercial organisations among its customers.

The Ikara platform links customer IT operations risk management requirements with the operational reporting of third-party service provider compliance ‘in contract’.  Ikara securely stores service contracts in the platform and links events from Cisco IT reporting tools to prove service standards compliance.

The result is immediate contractual oversight of supplier quality and risk reduction in operations. Ikara’s customers can now contract with third parties, embedding quality, compliance controls and reporting for the life of the contract.

Business executives can now take confidence that their organisation has achieved the requisite oversight of IT operations and supplier risk management. Suppliers are immediately alerted if the quality of their service delivery is non-compliant with the service warranties that they have committed in contract to the customer.

Why Ikara and Why Now?

Despite significant advancements in reporting tools, it’s still quite normal for a customer IT operational team to not know which service provider is at fault when IT performance or compliance goes wrong. Additionally, service providers can end up absorbing the financial burden of that imprecise operational knowledge, being forced into fielding level one help desk calls for issues for which they are not actually responsible to fix in contract.
This all adds up to increased operational costs and frustration levels on both sides, as customers are generally looking at a series of reporting dashboards they set up, which the service provider can’t see and which do not adequately monitor the service that the provider is responsible for in contract.

Ikara has solved this industry wide issue by providing a shared view to both supplier and customer. Reporting is focused on business service quality and compliance objectives. Ikara’s reporting is underpinned by linkable events from industry standard players such as Microsoft and Cisco. Ikara removes the need for IT teams to manually look at monitoring tools to make an interpretative decision about where they are going to route the service ticket when problems arise.

The Ikara platform allows customers and partners to create an auditable log of service compliance linked directly to service warranties and security frameworks such as NIST, ISO 27001, SOCI, CPS 230 and Essential Eight. Business efficiency and service quality standards such as Time to Transact a business-critical function in an application are also embedded in contracts for performance. We achieve this by linking the fine grained and specific operational IT events directly from Cisco FSO platforms, to contract clauses in a compliant vs non-compliant, automated data analysis process.

Ikara Platform Capabilities:

  • Allows the customer to isolate the specific technical outsourcing service obligations that need to be measured as commercial warranties. This allows the customer to be technically specific with a service partner if key areas of service quality and compliance are not being achieved in the outsourced service delivery.
  • Creates the ability to report on service availability in a service contract and extends governance to offer richer insights such as quality of experience and compliance with industry security standards.
  • Ikara allows customers to automate notification to partners when there is a service degradation or breach of warranty. This removes the need for human intervention to report which service provider partner is responsible to resolve an issue as a manual process.
  • Producing a technical governance control which is directly linked to a specific customer or supplier owned data event. Ability to share the event to one or multiple service providers, using secure, ‘need to know’ levels of access.