An effective DR plan covers hardware and software critical for the business to restart operations after an eventuality. It should also include plans f

B
anks and financial service institutions are prone to business interruptions anywhere, anytime. It can be the result of natural occurrences, human interventions, environmental mishaps, technical faults of absence of expected services. In the 24x7x365 environment that these institutions tend to operate today, it has become mandatory for them to be prepared for any disaster scenarios. And since these institutions increasingly depend on electronic and real time modes in offering their services, it is necessary that they have a solid, tested and successful business continuity plan in place. These institutions also make use of highly complex technology and business models that are capable of delivering products that are world class and services that transcend international boundaries. Their customers today rely heavily on channels like ATMs, internet and phone banking and services like RTGS, which all work on high-end technology. And then there is the ubiquitous branches that are present all over the place, which are in turn connected to central servers facilitating real time transactions anywhere anytime. In such a scenario, any disaster can render the bank or the financial institution Virtually inoperative for hours or days, which impact their customers, which in turn affect it credibility and image. Besides, the very business of the institutions suffers resulting in losses of severe magnitude.
Anticipating disasters and preparing for them are part of the operations as does regular testing of IT services and back-ups. A well-structured and coherent disaster recovery plan will enable institutions to recover quickly and effectively from unforeseen disasters or emergencies, thus avoiding significant business
interruption and loss.
The RBI has recently mentioned that for all the banks it would be mandatory to deal in the electronic data / money transfers either through RTGS or other gateways. This is highlighting the need for the disaster recovery and business continuity.
There are several important aspects in implementing an effective disaster recovery plan: (i) Devising a plan - Specify what is relevant and important to the institution for it to be operational and how much time it would take for it to recover from a disaster and become operational. (ii) Monitoring the implementation of the plan - It is important to monitor the plan to ensure that implementation is done perfectly. Proactive monitoring and remedial measures like proper back-up and replication of data, preferably offsite, and similar measures have to be taken up which can result in lesser downtime in case of a disaster. (iii) Testing the disaster recovery plan - Rigorous testing of the plan has to be carried out periodically, which only will ensure that in the event of a disaster the recovery happens and happens in no time. (iv) Testing data restoration processes - With imprQved storage systems now available like disk-to-disk transfer of data, the backup software and hardware are of high relevance. These needs to be checked frequently so that there are no losses of any backed up data. (v) Redundancy - Having redundant servers for all critical data and proViding an alternative way to access that data are essential factors in an effective disaster recovery
plan. (vi) Tools to prevent data theft or data destruction - Insiders can be instrumental in causing disasters. The machines in the organization need to be made resistant to such threats. (vii) Engage experts to manage DR process - The whole exercise can be considered to be outsourced to experts - managed service providers as it will be better managed by them than an inside team.
What distinguishes a DR plan from Business Continuity Plan (BCP)? The Business Continuity Institute of the UK has described business continuity management as a holistic management process that identifies potential impacts that threaten an organization and provides a framework for building resilience and the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value creating activities. BCP is not merely making arrangements for recovery of IT infrastructure, but a comprehensive plan that includes people, processes and non-IT infrastructure.
An effective DR plan covers hardware and software critical for the business to restart operations after an eventuality. It should also include plans for coping with the unexpected or sudden loss of key personnel. On the other hand, BCP has a business focus, not merely IT, and includes disaster recovery plan and IT. It is again enterprise wide, responsibility of the top management and can be outsourced. It should cover critical functions / processes, include business impact analysis, risk assessment, risk management and risk monitoring.
Initially, the concept of captive DR centers was prevailing, but now the shift is happening towards outsourcing the DR centers.
The key challenges that BFSI institutions today face are: (i) cost in managing compleXity; (ii) regulatory compliance; (iii) corporate performance; (iv) top line growth; (v) customer care; (vi) operational efficiency; (vii) governance; (viii) globalization; and (ix) building vs. outsourcing.
The growing demand for disaster recovery and business continuity solutions and services has given rise to several specialists. Among the leaders is Omnitech InfoSolutions. It is the first one in India to have managed its own disaster recovery centers. It already has two as of now - one being in Navi Mumbai and the second in Hyderabad. Both these centers meet the highest international standards. The company has planned to have a total of 8 DR centers across India, including the two mentioned above.
The company's DRP services encompasses professional services in the areas of workplace recovery, data vaulting, remote backup, DR servers/ storage and network equipment hosting, auditing - DR drills and so on. The company has a string of strategic alliances with global leaders like HP, IBM, DELL, and Symantec, which helps it to have inherent strengths like technical expertise, innovation and services.
The company is planning to offer solutions on four layers - workplace, equipment, data and people. The company intends to cover the entire country from eight strategic locations and every city will have near and intra city DR site. These will be developed in satellite townships around the hubs. Each DR site will double up as a far or intercity DR site.