A Strategic Approach to BCP & DR led Business

Sanjeev Jain, Chief Information Officer, Integreon Managed Solutions

Business Continuity Planning (BCP) is a common acronym all over the corporate world. There are so many articles related to Cloud backup, Recovery Point Objective (RPO), Recovery Time Objective (RTO) and Business Impact Analysis (BIA). However, this is all quite redundant without an understanding of our own business requirements.

BCP is the need of the hour and every corporate is looking for cost effective solutions which can protect client data and at the same time, they should be able to retrieve data and applications during disaster. BCP is just that planning strategy that we have to initiate by understanding the business requirements and what is required to meet the needs of customers and management expectations.

Why BCP is important for business

In the event of a disaster, the business continued operations of a company depend on the capability of the business to reproduce existing Information Technology infrastructures and data.  Disaster recovery process represents all the steps involved in planning for and adapting to a potential disaster with a plan in place which will restore operations while minimizing the long-term negative impact on the company and its client. Well planned business continuity process will keep a business up and running through interruptions of any kind including power failures, Information Technology Infrastructure systems crashes and natural disasters, thus limiting the short-term negative impact on the company.

One can never underestimate the crucial elements of DR and BCP and the best place for business to start is by assessing their current situation in terms of existing risks in order to identify and determine how to minimize these and ensure that no circumstance could threaten the existence of the organization. Business Impact Analysis (BIA) is a planning and documenting process where Information Technology and the business coordinate to document and define the needs for a business process. This also includes people, processes and technology requirements and from the BIA we will be able to define the RPO and RTO for the technology components. The best way to ensure reliability of an organization’s plan is to run through it regularly, with the key stakeholders practicing what they would do to help recover business functions when disasters actually occur. This sort of advanced planning will help an organization minimize the amount of loss and downtime.

There are six general steps involved in creating a business continuity plan:

1. Identify the scope

2. Identify key business areas.

3. Identify critical functions.

4. Identify dependencies between various business areas and functions.

5. Determine acceptable downtime for each critical business function.

6. Create a plan to maintain operations.

Key Elements while selecting right vendor

• You may want to examine the occurrence of infrastructure-related outages in the destination you’re considering as well as the key causes: environmental (natural disasters), cultural (civil unrest, strikes, etc.), mechanical (obsolete equipment’s and poor maintenance), Telecommunications (reliable Internet connectivity, Landline Telephone and Mobile Networks), Power Grid, Generator backup and last but not least, location has to be at least 100 km away from existing office location. The other aspect is to include all key internal stakeholders in the process to agree on important criteria that the vendor should meet.

• Discuss and agree with the vendor in terms of critical activities to be recovered, the timescales in which they are to be recovered and the recovery levels needed; the resources available at different points in time to deliver your critical activities and detailed actions and tasks needed to ensure the continuity and recovery of your critical activities.

• Technology-only approach towards resilience when planning for organizational resilience. Some organizations focus more on technology and do not give equal importance to other organizational resources such as people, premises, data, processes and supplies. This is addressed by creating appropriate awareness among stakeholders, identifying risks and single points of failure for organizational resources and recommending suitable risk mitigation measures to ensure the continuous availability of resources.