Do You Have a Business Continuity Plan Yet?

by Hinesh Jethwani & Ankush Sohoni    Jul 30, 2004

The 9/11 disaster has opened up the eyes of many, establishing the fact that no business is infallible. In the event of a disaster, Indian banks have the dubious reputation of being the most poorly equipped in comparison to global counterparts.

So do you have a Business Continuity Plan (BCP) yet? That’s the question extensively probed and analyzed in the “Indian Banks Association (IBA) & MAIT National Conference on e-Security & Business Process Continuity” held in Mumbai today. With a voluminous presence from the who’s-who in the banking industry, the event saw the coming together of various thought leaders chalking out a concrete school of thought for disaster contingency planning.

Speaking on the occasion, U S Roy, general manager-IT, State Bank Of India, said, “We have already witnessed the drawbacks of not having a strong BCP in place with the Orissa cyclone and Gujurat earthquake incidents. The notion that BCP is not a good investment is false economy. Moreover, many in the industry believe that BCP is a synonym for Disaster Recovery (DR), when in fact, DR is only a small subset of the BCP umbrella. It’s the responsibility of the business head to take ownership of BCP and not the CIO’s.”

SBI is moving towards a concrete BCP model, for which it has even deployed a highly expensive application-based replication system for its treasury.

Delivering a wake-up call to the banking industry was Captain Raghu Raman, global practice head, Mahindra Consulting Special Services Group. He said, “A lot of different certifications exist in the market today. The issue of developing a secure environment revolves primarily around change management, without which these certifications are useless. Culturally, enterprises are yet to evolve, as far as considering information as an asset is concerned. True assets are not the inventory that you hold today, but what you would tomorrow. The traction of movement of security policies is just not taking place today.”

On the occasion, G.M. Shenoy, senior vice-president, NSE.IT Ltd., detailed the security initiatives taken by NSE. He said, “NSE’s system has been designed to handle 8 million trades during the day, or 1000 messages/per sec. With a network supported by 3,000 VSAT’s and 1,000 leased lines, a concrete emphasis is placed on security. Online replication of trade data takes place at a disaster recovery facility in Chennai. Trading applications are distributed to over 350 locations, and user IDs are locked to each area of access. The system can also identify the type of terminals logging on. A private Closed User Group (CUG) provides secure trading, which is supported by a proprietary backbone protocol. Frequency hopping prevents any kind of snooping activity from taking place. Moreover, there is no direct connection between internal LAN and public domain.”

“As a part of NSE’s BCP, trading is carried out from the backup facility once in six months,” concluded Shenoy

Professor K Subramanian, senior deputy director general, National Informatics Center (NIC), said, “Security is not a technology but a management practice. Globally, citizen tracking is facilitated by the use of identification cards. Barring disparate systems in India, like voting cards, ration cards, driving licenses, etc., there is no singular provision to identify citizens in the country. We are building a National ID Card system to fulfill the requirement, which will rest on a secure national database. A pilot is already on for the same.”

NSE.IT already has customers for its BCP offering, including NSE, Clearing Corporation Of India (CCIL) and BPCL (that uses it to provide continuous availability to its SAP R/3 ERP).

The event also had a feedback session, allowing technology heads representing various banks to come up with a collaborative solution for various issues plaguing BCP’s models today.

Tags: banks