IDBI Intech - Business continuity planning


Published on

Business Continuity Planning - Automatic DR Switch - Microsoft SQL Server

Published in: Business, Technology
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

IDBI Intech - Business continuity planning

  1. 1. INFORMATION SECURITY CONSULTING PRACTICEBusiness Continuity Planning Approach Paper “For Want of a Nail…” For more information, please contact Mr. Pramod Gosavi, +91 989 030 4884, Mr. Malik Fairose Ismail, +91 720 942 9678,
  2. 2. BUSINESS CONTINUITY PLANNINGBusiness continuity planning (BCP) is “planning which identifies the organizations exposure to internal and externalthreats and synthesizes hard and soft assets to provide effective prevention and recovery for the organization,whilst maintaining competitive advantage and value system integrity”. It is also called Business continuity &Resiliency planning (BCRP). The logistical plan used in BCP is called a business continuity plan. The intendedeffect of BCP is to ensure business continuity, which is an ongoing state or methodology governing how business isconducted (Source: Wikipedia).Businesses today face unparallel level of multi-dimensional challenges. Navigating an organization through theeconomic and competitive challenges was an overwhelming strategic task for most of the executives that we hardlyfind any mention about business continuity plan in their business agenda. Not anymore. Organizations, over therecent years, have learnt the importance of preparing for rare and uncertain events that could be unfolded by natureand by human threats. Planning ahead of the perfect storm with adequate sensory and recovery controls could helpbusinesses to keep the lights on. For the end customers, having a robust business continuity plan would onlystrengthen the confidence they have on the business and improve the overall trustworthiness and loyalty factors.IDBI Intech Limited suggests a four step business continuity planning approach.APPROACH & METHODOLOGYSTEP 1: REVIEW OF THE CURRENT RECOVERY PROCESSES & PROCEDURES  Intech would gain a complete understanding of the client’s IT infrastructure and processes. A project plan will be prepared in the beginning to guide the project execution and delivery.  Study the applications for which DR solution will need to be implemented  Conduct meetings with process owners  The following documents will be reviewed  BCP & DR policy  Existing Disaster Recovery Strategy 2|Page
  3. 3.  Disaster Recovery Plan  Recovery and Resumption Procedures  Third Party Agreements  Roles and Responsibilities of DR teamsDeliverables  Project Plan  IT – Current Status Report (for applications under scope)STEP 2: BUSINESS IMPACT ANALYSIS (BIA) & RISK ASSESSMENT (RA)IDBI Intech will conduct the business impact analysis and risk assessment analysis using questionnaires andinterviews with key process owners. Multiple interviews for certain processes will be required when a function hasmore than one owner or when interviews with several persons are necessary to better understand the process.Our overall objective in this phase of the project is to gain an understanding of the business processes, servicesand to lay the framework of a BCP & DR plan. The primary areas on which our interviews focused will be:  Identification of critical business functions  Applications associated with critical business functions  Interfaces between business functions  Ratings for Impact parameters against various timelines  Recovery Point Objective (RPO) and Recovery Time Objective (RTO) for the business applications and IT ServicesDeliverables  Business Impact Analysis (BIA) Report  Recovery Time Objective (RTO) and Recovery Point Objective (RPO) requirements 3|Page
  4. 4.  Risk Assessment (RA)STEP 3: DESIGN & DEVELOP RECOVERY STRATEGY  Based on the BIA report, Intech team will develop different strategies for the various functions.  The strategies will be discussed with the client team. Based on following parameters the final strategy will be selected  It should match the RTO & RPO of the process/application  Minimum changes to the existing recovery strategy  It should be cost effective  BCP & DR plans will be updated based on the existing strategyDeliverablesThe various procedures that would be developed in this stage are:  BCP & DR Plans  Testing Procedure  Operational Procedures for maintenance of solution  Escalation Matrix  Team Structure for DR (including a mix of vendors & internal Bank teams as required)STEP 4: TESTING  Intech team will prepare BCP & DR testing plan  Disaster recovery team will be form  Intech team will provide necessary training to the member of the DR team 4|Page
  5. 5. Deliverables  Roles & Responsibilities related to the BCP/DR  Individual Recovery procedures  Call tree  DR testing calendar  Road map for rolling out the plan at bank’s other offices  Comprehensive plan maintenance document  BCP Plan Test  Disaster Recovery Strategies for individual Application Setups  Testing & Reporting Templates  DR Run-book for each application setupRESPONSIBILITIES IDBI Intech’s Responsibilities Client’s Responsibilities  Provide the project team with a full time Project  Provide a Project Sponsor to be the point of Manager, to manage the project and liaise with contact for the Project Manager the Project Sponsor  Facilitate availability of bank team members for  Protect the confidentiality of client’s information discussion and review. and documentation, obtained through the  Provide the overall direction and decision project, which is not in the public domain making for the project  Maintain the project delivery as per mutually  Provide Bank authorizations as necessary agreed Project Plan 5|Page
  6. 6. IDBI Intech’s Responsibilities Client’s Responsibilities  Provide regular project progress updates  Provide timely access to appropriate personnel against approved timeframes and notify the  Provide Bank documentation and information Project Sponsor at the earliest, of any action or needed by the Project Team problem foreseen that may jeopardize the  Provide details of Bank policies and guidance successful completion of the project or the performance of the Project Team  Project acceptance and sign off in a timely manner  Perform their services in a professional manner and work closely with the Bank representatives  Provide staff with professionally certified skills and expertise to undertake the project  Provide a transfer of knowledge to Bank staff  Program management of the implementation phase, with roll out of the programs based on logistics and purchase support from Bank as detailed in the proposalCALL FOR ACTIONInformation Technology has become an enabler of 21 Century businesses. BCP and other risk managementstrategies will make sure that IT remains as the strong catalyst to translate business strategy into execution.With increasing regulatory pressures and emerging natural and human driven threats, businesses should revisittheir risk management strategies and ensure adequate fail-safe management and recovery strategies are in place.BCP should be a part of the business and corporate strategy. It can no longer exist in isolation only within the realmof Information Technology. As the saying goes, “a stitch in time saves nine”. 6|Page