What do Varuna Devan (the rain god), the sinking Chennai Corporation and the billion-dollar Cognizants of the world have in common?

Business continuity and disaster recovery is the connection!

Today I heard a story about a DBA getting canned by his management for questioning what the organization’s BC strategy is. God save that company.

I quote Cognizant because it’s almost headquartered in Chennai with respect to all of its offshore activities. Do they have readiness planned completely for when Chennai goes down because of a natural disaster? I doubt it.

We can learn a lot from 9/11. America was able to handle 9/11 swiftly because they had it in their DNA.

https://www.sec.gov/divisions/marketreg/lessonslearned.htm

http://www.computerworld.com/article/2510996/disaster-recovery/9-11--top-lessons-learned-for-disaster-recovery.html

http://www.techrepublic.com/article/sept-11-teaches-real-lessons-in-disaster-recovery-and-business-continuity-planning/

http://www.continuityinsights.com/articles/2011/09/10-years-lessons-9-11

Is business continuity about maintaining an Excel sheet full of plans and telling management that you have put everything together to help them with their ISO 27001, PCI DSS and HIPAA missions?

No, it’s not!

https://www.fema.gov/media-library/assets/videos/80069

It’s about a religious, flexible, user-friendly management system that lets you feel confident about your own organization’s continuity in serving its customers, even in the case of any type of disaster.
It need not necessarily be an Excel sheet; even if it is a thinking process that is done, mapped somewhere and implemented in real time, you’re set to go.

https://en.wikipedia.org/wiki/Business_continuity_planning

https://youtu.be/9tu9SRszmr4

Business continuity planning (or business continuity and resiliency planning) is the process of creating systems of prevention and recovery to deal with potential threats to a company.

A business continuity plan is a plan to continue operations if a place of business is affected by different levels of disaster, which can range from localized short-term disasters, to days-long building-wide problems, to the permanent loss of a building.

The important things to take care of are:
1. Test the BC plan, and not just as a tabletop exercise.
Tabletop means mimicking world-class disasters on the table itself and claiming “naam ke vaas” that it works. Ask your {h}indian friend for the meaning of naam ke vaas.
2. Do some real-time mock drills where you shut down a site without notice and see if the DR site can manage at least the core minimal operations.
3. Audit and document regularly; it’s a living process.
4. Enlighten the whole organization about this setup, as a tiny new developer may be the only one who knows about the service which needs to be kicked off for the new module to work in DR.
5. Test it often.
6. Do 1 to 5 till you reach maturity.
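
An added example, not part of the original post: points 2 and 4 turned into a check that can run before every drill. Given a service dependency map and the DR runbook's start order (all names and data below are constructed for illustration), it reports services that core operations need but the runbook never starts, and services started before their dependencies.

```python
# Added illustration: service names, the dependency map and the runbook are
# constructed sample data, not taken from any real environment.

# service -> services it needs running first (as observed in production)
DEPENDS_ON = {
    "billing-api": ["auth", "orders-db", "tax-module"],
    "tax-module": ["rate-cache"],   # new module; only its developer knows this
    "auth": ["ldap"],
    "orders-db": [],
    "rate-cache": [],
    "ldap": [],
}
CORE_SERVICES = ["billing-api"]     # minimal operations the DR site must sustain
DR_RUNBOOK = ["auth", "ldap", "orders-db", "tax-module", "billing-api"]


def required_closure(core, depends_on):
    """Every service the core set needs, directly or transitively."""
    needed, stack = set(), list(core)
    while stack:
        svc = stack.pop()
        if svc not in needed:
            needed.add(svc)
            stack.extend(depends_on.get(svc, []))
    return needed


def audit_runbook(core, depends_on, runbook):
    """Return (missing, misordered) findings for a DR start order."""
    position = {svc: i for i, svc in enumerate(runbook)}
    needed = required_closure(core, depends_on)
    # Needed by core operations but never started at the DR site.
    missing = sorted(needed - set(position))
    # Started in the runbook before something they depend on.
    misordered = sorted(
        (svc, dep)
        for svc in runbook
        for dep in depends_on.get(svc, [])
        if dep in position and position[dep] > position[svc]
    )
    return missing, misordered


if __name__ == "__main__":
    missing, misordered = audit_runbook(CORE_SERVICES, DEPENDS_ON, DR_RUNBOOK)
    for svc in missing:
        print(f"NOT IN DR RUNBOOK: {svc}")
    for svc, dep in misordered:
        print(f"ORDER: {svc} is started before its dependency {dep}")
```

An empty result only means the runbook matches the dependency map; the unannounced shutdown drill is still what proves the DR site actually works.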

https://en.wikipedia.org/wiki/Disaster_recovery

Disaster recovery (DR) involves a set of policies and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster.

Disaster recovery focuses on the IT or technology systems supporting critical business functions, as opposed to business continuity, which involves keeping all essential aspects of a business functioning despite significant disruptive events.

Disaster recovery is therefore a subset of business continuity.

http://www.lynda.com/Design-Documentaries-tutorials/frogs-FEMA-Disaster-Relief-Innovation/162943-2.html

7 Tiers of Disaster Recovery

Tier 0: No off-site data – Possibly no recovery
Tier 1: Data backup with no hot site
Tier 2: Data backup with a hot site
Tier 3: Electronic vaulting
Tier 4: Point-in-time copies
Tier 5: Transaction integrity
Tier 6: Zero or near-zero data loss
Tier 7: Highly automated, business integrated solution

In the recent rain sinking of Chennai city, I’m not sure how the IT service mammoths, from Cognizant to Wipro, sustained their operations. They have a presence in Bengaluru, Hyderabad, etc. But still I’m sure about their dependency, as the BC/DR planning is always done for naam ke vaas, and we know that our customers come in handy for convincing.

I don’t want to even touch our billion-dollar startups, as they may think I’m hurting our own community. I’m sure we’ve not even ventured into the first steps of any such large-scale business process improvement things in our startup world. Forget about it; there’s Didi Kuaidi and many more waiting with their million-dollar cheques, so who cares for business continuity? I forgot to mention that the guys who are writing large cheques also don’t know how to handle large disasters.

Please be mindful that it’s not just for e-commerce, helpdesk, travel or service companies; it’s applicable to all.

If you’ve not got your act together yet, at least do it now.

A few useful resources

http://continuity.georgetown.edu/business/toolkit

http://www.iso27001security.com/ISO27k_Roles_and_responsibilities_for_contingency_planning.docx

http://www.iso27001security.com/NB_model_job_description_for_Business_Continuity_Manager.docx

http://www.nascio.org/publications/documents/nascio-drtoolkit.pdf

ISO/IEC 27031:2011 Information technology — Security techniques — Guidelines for information and communications technology readiness for business continuity http://www.iso27001security.com/html/27031.html

http://www.iso.org/iso/catalogue_detail?csnumber=44374

ISO/IEC 27031:2011 describes the concepts and principles of information and communication technology (ICT) readiness for business continuity, and provides a framework of methods and processes to identify and specify all aspects (such as performance criteria, design, and implementation) for improving an organization’s ICT readiness to ensure business continuity.

It applies to any organization (private, governmental, and non-governmental, irrespective of size) developing its ICT readiness for business continuity program (IRBC), and requiring its ICT services/infrastructures to be ready to support business operations in the event of emerging events and incidents, and related disruptions, that could affect continuity (including security) of critical business functions. It also enables an organization to measure performance parameters that correlate to its IRBC in a consistent and recognized manner.

The scope of ISO/IEC 27031:2011 encompasses all events and incidents (including security related) that could have an impact on ICT infrastructure and systems. It includes and extends the practices of information security incident handling and management and ICT readiness planning and services.

https://www.bicsi.org/uploadedFiles/BICSI_Website/Global_Community/Presentations/Southeast_Asia/1.7%20IT%20Resilience.pdf

http://www.bcm-institute.org/

http://www.tmcnet.com/topics/articles/2012/10/02/310160-rise-cloud-bcdr-smbs.htm

http://www.itgovernanceusa.com/shop/p-733-iso27031-isoiec-27031-guidelines-for-ict-readiness-for-business-continuity.aspx

http://www.ready.gov/business/implementation/continuity

http://searchdisasterrecovery.techtarget.com/definition/business-continuity-action-plan

http://www.cio.com/article/2381021/best-practices/how-to-create-an-effective-business-continuity-plan.html

https://www.sans.org/reading-room/whitepapers/recovery/introduction-business-continuity-planning-559

https://www.fema.gov/media-library/assets/videos/80219
