NatWest Bank Security Issue

The full facts of the Natwest computer failure, leading to significant payment difficulties are yet to be published.

(Indeed articles like this one suggest they won’t be despite the evidence disclosure may help customers better).

Why have I labelled it a security issue?

Because disaster recovery is a key part of any security management system.

The questions I have are:

  • What happened to the roll back plan. Any project where I have been involved in updating a live system had to have a fully documented & tested roll back plan, so the change could be backed off if something went wrong
  • Why didn’t they call it a full disaster, and switch to the backup / failover system. Surely the software upgrade was not applied to that in parallel
  • Why did it take so long to clear the backlog. Surely capacity is not cut that fine, otherwise any small surge in business (such as increased spending at Christmas) would once again grind the system to a halt

Let’s have the full details please, the story so far does not seem to add up.

July 3 Update.

Interesting, this article suggests the failure was caused by the roll back not working as expected.