Following the torrential rains in South India and the subsequent flooding, organizations had to implement their business continuity plans (BCP). The city was not aware of a new natural catastrophe until the rains began to fall on the relatively dry area. For most companies in Chennai, a BCP (business continuity plan) was required to deal with this new type natural disaster.
What is BCP?
Although ‘Business continuity’ is not an InfoSec specialty, it was urgently needed in Chennai. Business continuity is the ability to continue business operations at another location in the event of disasters until repairs are made. It involves dealing with shareholders, partners, customers, and other important stakeholders. Without them, an organization will not function properly.
We will discuss the NIST publication’s business continuity plan. NIST publications provide security measures that can all be adopted by businesses, educational institutions, and organizations. These publications can help organizations develop a strong security posture. NIST 800-34 is the ‘Contingency Planning Guide for Federal Information Systems’.
What are the steps of a BCP?
These are just a few of the steps that NIST 800-34 describes:
1. Create a contingency plan policy. This policy is the foundation of a successful continuity plan. This policy is the guideline for the BCP and assigns the roles.
2. Perform the business impact analysis (BIA). BIA allows an organization to identify key functions and prioritize them. During this process, vulnerabilities, threats, and risks are also calculated.
3. Identify preventive measures Preventive measures are taken to reduce the risks identified by BIA.
4. Develop contingency plans Effective recovery strategies must be created so that all systems can be restored after a disaster.
5. Create an information system contingency planning. This plan should include steps to restore the systems to their original state.
6. Ensure plan testing, training and exercises. All BCP should have been tested to ensure they meet the goals. Any gaps should be identified, and should be addressed. To ensure that employees behave appropriately, training and exercises should be provided.
7. Ensure plan maintenance. Only a well-maintained plan can be successful. This document should reflect any changes in the organization or other enhancements. (Contingency Planning Guide for Federal Information Systems, 2010)
How did Chennai firms invoke their BCPs?
IBM, which had one-fifth its Indian employees in Chennai, moved key personnel to Bangalore. This allowed them to maintain business continuity, and maintained 24×7 relations.
Cognizant relocated some employees to Chennai, which was not affected by the floods. They also allowed employees to work remotely from home, and moved some employees to other cities. Some employees offered to stay at work and work on important projects.
Infosys has moved many of its employees from Bangalore to Hyderabad and also offers work from home opportunities.
After the Chennai office was temporarily closed, HCL moved several of its employees to Noida when it was flooded.
TCS offered the option to work remotely in order to maintain client relationships.
Wipro offered Chennai employees the opportunity to work from home. Tech Inc is marooned by the rains of Chennai; companies like IBM, Cognizant and Infosys implement contingency plans and relocate key staff members
Electricity systems were checked, fuel and food were stocked, and boats were set up to allow movement within Chennai.
Business continuity plans are essential in today’s world, as unthinkable catastrophes like earthquakes, floods, and tsunamis continue to rock the world.
