Since IT solutions have helped in conducting business globally and seamlessly,
it becomes all the more important to reduce the impact of a probable disaster
and its aftermath.
The concept of business continuity and disaster recovery measures and processes
has existed in some form or other for quite some time now, such as protection
and recovery from incidents like fire or media failure. However, the importance
of these measures has significantly increased in recent times, considering the
magnitude and probability of disaster that could possibly strike an enterprise.
Events like the September 11 catastrophe have further re-enforced the need to
step up the measures for dealing with disasters of all kinds and establish sound
processes and policies for business continuity and disaster recovery.
Remote IT application management services, offshore outsourcing services and IT
enabled services based out of India are increasingly operating non-stop 24x7
facilities that need to comply with service level agreements of many shades, and
cannot afford to lose even seconds of vital data or information. The increased
criticality of the mission and time critical business applications that the
Indian IT industry is poised to drive and support, makes it even more necessary
to have these processes in place.
Since IT solutions have helped in conducting business globally and seamlessly
at the speeds and volumes we are seeing today, it becomes all the more important
to reduce the impact of a probable disaster and its aftermath. According to
industry sources the cost of service interruption could be $60,000 to $250,000
per minute for an average large-sized bank. The recent spate of terrorist
activities around the world is a lesson to proactively analyze the business
risks that an organization is likely to face in the wake of such incidents and
be ready with a business continuity and recovery strategy.
Most IT outsourcing models have matured in their processes to establish
facilities, infrastructure, teams, competencies and business models that are
scalable, secure, reliable and available seamlessly. It is time now to render
the critical business units recoverable as well, and as seamlessly as it is
justifiable, based on a sound business case. Once again, it is information and
communication technology that can offer solutions to establish:
- Integrated Security Management systems
- Integrated Business Continuity and Disaster Recovery system.
The integrated security management solutions and the integrated business
continuity and disaster recovery solutions now form an essential part of all
strategic IT consulting, recommendations and blue-prints. These two services, in
fact, go hand-in-hand, and in many ways these requirements also form a part of
the SLAs for large outsourcing engagements.
Like every sound business process that needs to be woven into the
organization's fabric, the business continuity and disaster recovery
requirements also follow the basic steps:
- Strategies
- Policies and processes
- Plans (Precautions/Corrective/Preventive)
- Plans (Recovery/Restore/Continue)
- Operations (Implementation, Roles & Responsibilities, Contingencies)
- Audits, Drills, Mock Exercises, Surveys, Feed-back
- Continuous Improvement processes
For a prudent and optimal coverage of the business continuity and disaster
recovery measures, without going overboard, it is important to carry out a
proper exercise of "Assessment and Scope of coverage".
This assessment phase would typically involve identification and assessment of:
- Key Locations/Business Units
- Key Business Functions
- Key Human Resources
- Key Projects, Accounts, IPR
Within the scope of the above categories, specifics of infrastructure,
communication networks, personnel, statutory/legal implications and information
/ knowledge / intelligence vested would also be analyzed as per facts, data,
weightages, risk-factors and their impact on Business sustenance and continuity.
The various entities are assessed and reviewed to arrive at the severity levels
of the impact of a possible disaster striking there. The actual scope of the
business continuity requirements would be mapped accordingly. The assessment
would also take into account the estimated value of loss to the enterprise, its
people, its clients, suppliers, stakeholders and the society at large.
The above assessment will then get further qualified by the types of
disasters that are likely to hit the business entities on the business
continuity severity matrix. These could be any natural or artificial
catastrophes like fire, flood, earthquake, war, terrorist attacks or virus
attacks.
Depending on the probability of occurrences and the criticality/severity
levels of the business entities, appropriate business continuity measures are
specified and planned. The measures could typically include:
- Alternate Back-up sites with delayed or real-time, seamless transition
- Full Seamless Replication as in an on-line hot-stand-by
- Rotation / Replication of core team and key people
- Third site contingency options
- Alternate Communication paths and media
- Evacuation/Recovery/Restart plans
The strategies and plans of the enterprise would need to address the issues
related to establishment of disaster recovery sites, recovery plans and measures
with quantified recoverable items along with defined mean time to recover,
restore and resume business seamlessly. The business needs and imperatives will
further qualify the extent and rigor behind these measures during the
implementation phase.