St Georges Strategy

Signals / Technology failure

Outages, change failure, data integrity, and recovery

The technology-failure page turns outages, cloud dependency, change risk, ICT incidents, and recovery expectations into practical control-evidence questions.

Supporting evidence

Ten further technology-failure signals

The shortlist carries the leadership read. These supporting rows preserve the evidence trail behind incidents, change failure, third-party technology, resilience testing, and recovery.

  1. 06

    Outsourced technology remains inside the firm's resilience accountability

    Official expectations / FCA outsourcing and resilience
  2. 07

    ICT and security risk management should connect change, access, monitoring, and continuity

    Official expectations / EBA ICT risk guidelines
  3. 08

    Technology outsourcing needs exit, audit, data return, and subcontracting evidence

    Official expectations / EBA outsourcing guidelines
  4. 09

    DORA implementation keeps ICT third-party concentration and testing in scope

    Official source / ESMA DORA
  5. 10

    Critical third-party policy turns technology concentration into a systemic resilience question

    Official source / Bank of England critical third parties
  6. 11

    Incident reporting should be connected to customer impact and remediation evidence

    Official expectations / FCA incident reporting
  7. 12

    Backup and restore capability needs proof through tested recovery, not policy attestation

    Official guidance / NCSC backup and restore
  8. 13

    Logging coverage should support incident reconstruction and regulatory evidence

    Official guidance / NCSC logging
  9. 14

    Payment-technology outages show how processor failure becomes customer harm

    Incident signal / Guardian / 2026-06-23
  10. 15

    Consumer-visible outages can challenge internal green dashboards

    Incident signal / Tom's Guide / 2026-06-22

Why it made the weekly brief

The editorial judgement

Technology failure matters when it moves from an internal incident into customer harm, regulatory exposure, market disruption, or evidence that recovery has not been tested.

So what

Availability is not the same as recoverability

A system can be up while a customer journey, payment flow, report, or control process is broken. The evidence test is the service outcome.

Who cares

COO, CIO, CTO, resilience, operations, product, compliance, and suppliers

The same failure can sit across change management, third-party risk, resilience, cyber, data, and customer communications.

Evidence needed

Service maps, change records, logs, recovery tests, and communications

Good assurance shows the firm knows what failed, who was affected, how it recovered, and what control changed.

Control evidence checklist

What the reader should ask for

Technology-failure evidence should connect component events to service outcomes, owner decisions, recovery, and learning.