/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsAs no business continuity plan (BCP) will fully guarantee that you are protected from an outrage or data loss scenario, one should understand the expected service levels and recovery objectives of the business and to architect an appropriate solution to minimize the risk and impact of unexpected failures, says Krishna Prasad, VP-IT, Bahwan Cybertech in an interview with B.V.Shiva Shankar. The excerpts of an interview:
CIOL: How can enterprises tackle the problem of business disruption?
Krishna Prasad: At the outset, no business continuity plan (BCP) will fully guarantee that you are protected from an outrage or data loss scenario. Therefore, our responsibility is to understand the expected service levels and recovery objectives of the business and to architect an appropriate solution to minimize the risk and impact of unexpected failures. A BCP is more than recovery of the technology. It is rather a recovery of all critical business operations. The plan should be flexible to respond to changing internal and external conditions and new threat scenarios. The business impact analysis is undoubtedly a crucial tool for business continuity. A good BCP would have capacity redundancy and fall back options accounted for, in addition to a recovery strategy. Companies are beginning to take business continuity more seriously, in response to increasingly competitive environment and the rising number of natural disasters.
CIOL: What are the likely hazards that lead to disruption or potential disaster?
KP: Hazards could be many, like the Mumbai floods of last year. These floods have now made basements and ground floors unacceptable as recovery locations in Mumbai. Post 7/11, the hazard perception has changed tremendously. Hazards can come from multiple sources -- both external and internal to the company. Weather hazards, terrorism, power problems, bandwidth/connectivity problems, hardware failure, virus attacks, hacking, etc., could lead to disruption/disaster. Similarly, there are reasons such as espionage, willful disruption of service by disgruntled employees, lack of idiot proofing on business applications, unintended mistakes by users, incomplete implementation of data access, security and end use policies could also cause disruption of business.
CIOL: What are the deterrents for business continuity?
KP: The dettrents can be listed: lack of resources to make the plans; overestimating what the business can withstand; assuming that many problems are 'too small' or 'too big' to plan for; assuming that if a crisis hasn't happened yet and it's not urgent enough to plan for; and the cost of a DR site or redudancy in capacity could lead to increase in cost of business.
CIOL: What type of Disaster recovery planning have you adopted in your company?
KP: We follow a simple, four-stage planning process,
- Identify business processes critical to continuity of business;
- Define threat perceptions on these business processes;
- Prepare to address these perceptions; and
- Review events, threat perception, process coverage and progress frequently and revise BC plans.
CIOL: Is one stop solution possible to ensure business continuity?
KP: No, as I said earlier. It is a complex process and involves many elements.
CIOL: What must be the steps taken by an organization, in terms of best practice, to prevent possible potential disaster?
KP: Business continuity planning should encompass prevention to resumption of normalcy, which includes planning and preparing for risk mitigation, crisis management, recovery of resource and infrastructure (disaster recovery), alternate solutions to provide minimum service to customer and resuming "business as usual".
CIOL: What should be the basis for selecting DRP? Should recovery time objective (RTO) and recovery point objective (RPO) be the barometer or should it be dependent on the situation?
KP: Both RTO and RPO are important when seen as SLAs set for driving the efficiency of the BC process. Such SLAs provide a long-term focus to the BC process in an organization.