Critical Services Require Governance with Intent

Technology ExcellenceGovernance & RiskAI & Automation
Written By Antoine Stinissen

The Senate inquiry into the Optus outage has revealed more than the technical details of a major telecommunications failure. Testimony during the hearings described confusion within the organisation as the incident unfolded, including panic in offshore call centres and a lack of immediate awareness that Triple Zero access had been disrupted.

Technology outages occur in every industry. What makes this case particularly instructive is not simply that the network failed, but that the organisation responsible for operating a critical national service struggled to recognise and respond to the severity of the situation as it developed.

Incidents like this highlight an uncomfortable truth: critical services rarely fail only in technology. They also fail when organisations lose sight of how those services must be governed.

The signal behind the Optus outage

The Optus incident has been widely discussed as a telecommunications network failure. Yet the Senate hearings suggest that the disruption was also characterised by breakdowns in awareness, escalation and coordination across the organisation.

During the incident, teams responsible for managing customer interactions reportedly did not fully understand the implications of the outage as it affected emergency services. This disconnect between the technical failure and the operational response created a situation in which the seriousness of the disruption was not immediately recognised across all parts of the organisation.

For services that underpin public safety, this gap between technical events and organisational response becomes particularly significant.

Critical services are organisational responsibilities

Technology failures are often treated as engineering problems. When a network fails, the instinctive response is to focus on infrastructure resilience, redundancy and recovery mechanisms.

While these are important, critical services ultimately exist within an organisational context. A service may depend on technology platforms, but it is operated, monitored and governed by people, processes and leadership structures.

If the organisation does not maintain clear visibility over how critical services are delivered, who owns them and how incidents should be escalated, a technical problem can quickly become an organisational one.

In this sense, outages like the Optus incident are reminders that resilience is not only about systems. It is also about the clarity with which organisations manage the services those systems support.

Govern with intent

The principle of governing with intent becomes particularly important when organisations operate services with high societal or operational impact.

Governing with intent means deliberately understanding which services an organisation provides, how those services are delivered and what level of governance is appropriate for their criticality. Not all services carry the same level of risk, and governance structures should reflect this reality.

For critical services, this typically requires stronger visibility, clearer escalation pathways and defined operational responsibilities across both technical and organisational teams. When governance structures are aligned with service criticality, organisations are far better positioned to recognise when something serious is unfolding.

Without that intentional governance design, even sophisticated technology environments can struggle to respond effectively when incidents occur.

Operational discipline matters

Governance is not only about structures and reporting lines. It is also about operational culture.

The Senate hearings into the Optus outage hinted at a deeper issue: a culture in which the seriousness of the service disruption was not immediately recognised across the organisation. This is not uncommon in complex environments where teams are focused on their own operational responsibilities without a shared understanding of the broader service impact.

For critical services, operational discipline requires a collective awareness of what is at stake. Teams must understand not only how their systems function, but how failures in those systems affect the services relied upon by customers and communities.

Without this culture of care for the services being delivered, governance frameworks risk becoming procedural rather than purposeful.

A practical example

The importance of operational discipline and governance clarity can be seen in other critical service environments. In one engagement with state-wide rail operator, the organisation recognised that informal operational practices were creating unnecessary risk across a safety-critical environment.

By introducing clearer governance structures and measurable operational discipline, the organisation strengthened oversight of critical services and improved its ability to manage operational risk. The result was a more deliberate approach to how services were delivered, monitored and escalated across the organisation.

Read the success story: From Informal Practice to Operational Discipline

Critical services do not only require resilient technology. They require organisations that deliberately understand how those services are delivered and govern them with intent.

Sources
ABC News — Optus call centre panic during Triple Zero crisis
https://www.abc.net.au/news/2026-02-26/optus-call-centre-panic-during-triple-zero-crisis/106391184

Antoine Stinissen
Previous

Cyber resilience begins with governance
Next

Digital transformation fails when we lose sight of what matters