Beyond Business Continuity

by Amit Tripathi    May 15, 2007

The monsoon is round the corner in India and soon it would witness the annual ritual of submerged roads, railway tracks, powercuts, etc. The scenario gets worse in the country s thickly populated metros and urban areas. The rain succeeds in getting the cities grind to a halt, following collapse of public utility machinery. As a consequence, businesses are worst hit in terms of their employee absence, clogged supply chain, and in extreme cases result in termination of business transactions, and strategies of many enterprises. Reason: The system downtime resulted due to water logging in data centers, absence of key personnel manning back up facilities etc.

The rains, in Mumbai especially, have acquired a cult status post 26/7. Who would believe that even a few huge MNCs, who follow one or the other management best practices, could not save their server rooms from getting submerged under 5 feet deep water? In my interaction with some of the CIOs I could spot the palpable scourge on their faces as they narrated their plight.

It is said that public memory is generally short-lived. After the initial panic and a spell of corrective measures, a feeling of complacence creeps in. The fact that such tragedies might recur is generally overlooked. But, in Mumbai, the very first day’s rain, last season (June 1, 2006), had almost created a similar scenario like that of 26/7. Office goers were stuck on their way back home and in their offices, mobile phone connectivity went haywire, ATM s went down etc.

The moot point here is the extent to which we are business ready. Are we ready to face the calamities professionally, and do we have the capability to let our business remain unaffected? Many would consider the approach of Business Continuity Planning (BCP) that some enterprises adopt. However, are we able to differentiate between business continuity and recovery of business?

Today most businesses have documented BCP mechanism in place. In most cases this exercise is thrust onto the IT division thinking it’s just a matter of data redundancy and back up. That only takes care of the issue of temporary business continuity, mostly in terms of data and system availability.

Few of such approaches detail due measures towards recovering from the losses that were inflicted by the disaster. These losses typically range between data incongruence, customer dissatisfaction, physical facilities, and system losses. Do enterprises have mechanism to gauge the damage to their supply chain, missed opportunities of sale, extent to which their partners incurred losses, etc.? These are basically matters that business owners need to be prepared for, with long term as well as short term approaches. Data availability can only aid this whole process. A recent Ernst & Young report aptly concludes that although most organizations have BCP in place, they are inefficient to handle major disasters.

Moreover, in India, besides natural disasters, we need to recognize instances such as riots, strikes, and agitations as possible factors that can affect business. An enterprise wide security policy needs to take these into considerations.