Business Continuity Planning - Automatic DR Switch - Microsoft SQL Server

1. INFORMATION SECURITY CONSULTING PRACTICE
Business Continuity Planning
Approach Paper
“For Want of a Nail…”
For more information, please contact
Mr. Pramod Gosavi, +91 989 030 4884, gosavi.pramod@idbiintech.com
Mr. Malik Fairose Ismail, +91 720 942 9678, malik.ismail@idbiintech.com

2. BUSINESS CONTINUITY PLANNING
Business continuity planning (BCP) is “planning which identifies the organization's exposure to internal and external
threats and synthesizes hard and soft assets to provide effective prevention and recovery for the organization,
whilst maintaining competitive advantage and value system integrity”. It is also called Business continuity &
Resiliency planning (BCRP). The logistical plan used in BCP is called a business continuity plan. The intended
effect of BCP is to ensure business continuity, which is an ongoing state or methodology governing how business is
conducted (Source: Wikipedia).
Businesses today face unparallel level of multi-dimensional challenges. Navigating an organization through the
economic and competitive challenges was an overwhelming strategic task for most of the executives that we hardly
find any mention about business continuity plan in their business agenda. Not anymore. Organizations, over the
recent years, have learnt the importance of preparing for rare and uncertain events that could be unfolded by nature
and by human threats. Planning ahead of the perfect storm with adequate sensory and recovery controls could help
businesses to keep the lights on. For the end customers, having a robust business continuity plan would only
strengthen the confidence they have on the business and improve the overall trustworthiness and loyalty factors.
IDBI Intech Limited suggests a four step business continuity planning approach.
APPROACH & METHODOLOGY
STEP 1: REVIEW OF THE CURRENT RECOVERY PROCESSES & PROCEDURES
 Intech would gain a complete understanding of the client’s IT infrastructure and processes. A project plan
will be prepared in the beginning to guide the project execution and delivery.
 Study the applications for which DR solution will need to be implemented
 Conduct meetings with process owners
 The following documents will be reviewed
 BCP & DR policy
 Existing Disaster Recovery Strategy
2|Page

3.  Disaster Recovery Plan
 Recovery and Resumption Procedures
 Third Party Agreements
 Roles and Responsibilities of DR teams
Deliverables
 Project Plan
 IT – Current Status Report (for applications under scope)
STEP 2: BUSINESS IMPACT ANALYSIS (BIA) & RISK ASSESSMENT (RA)
IDBI Intech will conduct the business impact analysis and risk assessment analysis using questionnaires and
interviews with key process owners. Multiple interviews for certain processes will be required when a function has
more than one owner or when interviews with several persons are necessary to better understand the process.
Our overall objective in this phase of the project is to gain an understanding of the business processes, services
and to lay the framework of a BCP & DR plan. The primary areas on which our interviews focused will be:
 Identification of critical business functions
 Applications associated with critical business functions
 Interfaces between business functions
 Ratings for Impact parameters against various timelines
 Recovery Point Objective (RPO) and Recovery Time Objective (RTO) for the business applications and IT
Services
Deliverables
 Business Impact Analysis (BIA) Report
 Recovery Time Objective (RTO) and Recovery Point Objective (RPO) requirements
3|Page

4.  Risk Assessment (RA)
STEP 3: DESIGN & DEVELOP RECOVERY STRATEGY
 Based on the BIA report, Intech team will develop different strategies for the various functions.
 The strategies will be discussed with the client team. Based on following parameters the final strategy will
be selected
 It should match the RTO & RPO of the process/application
 Minimum changes to the existing recovery strategy
 It should be cost effective
 BCP & DR plans will be updated based on the existing strategy
Deliverables
The various procedures that would be developed in this stage are:
 BCP & DR Plans
 Testing Procedure
 Operational Procedures for maintenance of solution
 Escalation Matrix
 Team Structure for DR (including a mix of vendors & internal Bank teams as required)
STEP 4: TESTING
 Intech team will prepare BCP & DR testing plan
 Disaster recovery team will be form
 Intech team will provide necessary training to the member of the DR team
4|Page

5. Deliverables
 Roles & Responsibilities related to the BCP/DR
 Individual Recovery procedures
 Call tree
 DR testing calendar
 Road map for rolling out the plan at bank’s other offices
 Comprehensive plan maintenance document
 BCP Plan Test
 Disaster Recovery Strategies for individual Application Setups
 Testing & Reporting Templates
 DR Run-book for each application setup
RESPONSIBILITIES
IDBI Intech’s Responsibilities Client’s Responsibilities
 Provide the project team with a full time Project  Provide a Project Sponsor to be the point of
Manager, to manage the project and liaise with contact for the Project Manager
the Project Sponsor
 Facilitate availability of bank team members for
 Protect the confidentiality of client’s information discussion and review.
and documentation, obtained through the
 Provide the overall direction and decision
project, which is not in the public domain
making for the project
 Maintain the project delivery as per mutually
 Provide Bank authorizations as necessary
agreed Project Plan
5|Page

6. IDBI Intech’s Responsibilities Client’s Responsibilities
 Provide regular project progress updates  Provide timely access to appropriate personnel
against approved timeframes and notify the
 Provide Bank documentation and information
Project Sponsor at the earliest, of any action or
needed by the Project Team
problem foreseen that may jeopardize the
 Provide details of Bank policies and guidance
successful completion of the project or the
performance of the Project Team  Project acceptance and sign off in a timely
manner
 Perform their services in a professional manner
and work closely with the Bank representatives
 Provide staff with professionally certified skills
and expertise to undertake the project
 Provide a transfer of knowledge to Bank staff
 Program management of the implementation
phase, with roll out of the programs based on
logistics and purchase support from Bank as
detailed in the proposal
CALL FOR ACTION
Information Technology has become an enabler of 21 Century businesses. BCP and other risk management
strategies will make sure that IT remains as the strong catalyst to translate business strategy into execution.
With increasing regulatory pressures and emerging natural and human driven threats, businesses should revisit
their risk management strategies and ensure adequate fail-safe management and recovery strategies are in place.
BCP should be a part of the business and corporate strategy. It can no longer exist in isolation only within the realm
of Information Technology. As the saying goes, “a stitch in time saves nine”.
6|Page