|
|
|
  |
| Sunday, 29 May 2005 |
 |
|
 |
Business |  |
| News Business Features Editorial
|
Business Continuity and Disaster Recovery Planning In an interview conducted by Thushani Karunaratne from McQuire Rens & Jones (Pvt) Ltd, N.D.Wijetilleke shares his views on the significance of implementing preparedness strategies in Sri Lanka, where there is enough proof in place to suggest that for many organisations, the need to take Business Continuity Planning seriously is critical. Y2K, September 11 and the South-East Asian tsunami disaster are just a few incidents that have brought to our attention what has now proved to be a fundamental need for organisations around the world - the need for 'quick recovery' programs in the face of disaster, unforeseen or otherwise. Every business can experience a serious incident that can prevent it from continuing normal business operations and this can happen at any time. These can range from natural disasters such as the recent tsunami disaster that caused severe widespread damage across the nation, to man made disasters such as terrorist attacks or dire computer malfunctions. If we cannot prevent these disasters the next best thing to do is have proactive measures in place to defend against them. Business enterprises across the nation are increasingly realising that they have a responsibility to recover from such incidents in the minimum amount of time possible. This is where they will benefit from what is fast becoming the buzz term in business, Business Continuity Planning or 'BCP' for short. A conference titled 'Business Continuity and Disaster Recovery Planning' was organised by Information Systems Audit and Control Association, Sri Lanka Chapter (ISACA) in April 2005 at Hotel Taj. The chief guest Prime Minister Mahinda Rajapakse was represented by his secretary Lalith Weeratunga. The Guest of Honour was Minister of Science and Technology, Prof. Tissa Witharana. The aim of this conference was to focus the contribution to the national economy and information technology of Sri Lanka that ISACA could make. Eminent experts from India, UAE and Sri Lanka addressed the large audience comprising professionals in the fields of banking, IT services, Bluechip companies and public sector companies. N. D. Wijetilleke, Secretary to the ISACA Chapter UAE which has a membership of over 500 professionals and also the Manager, Business Continuity Planning at RAKBANK in the UAE, presented a paper on 'Business Continuity and Disaster Recovery Planning', at the conference. Q: What is Business Continuity Planning and what does it entail? A: An all encompassing term, BCP is a preparedness approach for organisations that can't afford to lose production and stop services. It's a methodology to create a plan for how organisations will recover within the shortest possible time after a disaster to resume their critical function/s. BCP includes Disaster Recovery Planning (DRP) which is the response to an interruption in activities through a disaster recovery plan restoring an organisation's critical business functions with the least possible down-time. Q: What is the relevance for Business Continuity and Disaster Recovery Planning for Sri Lanka in the current context? A: Disasters could happen in any form at any moment. It could affect a nation or an enterprise, but unless we are prepared to handle any of the threats it will result in chaos, suffering and massive loss of wealth and assets. Q: To what extent will your presentation impact local organisations? A: My presentation is focused on the enterprise level and is based solely on my knowledge and the successful implementation of such tools and techniques abroad. It is a preparedness strategy. Threats can be from natural disasters such as tsunamis or man-made disasters such as bomb explosions and cyber attacks. In any of these situations the organisation could be out of business for several days or weeks. We all know that such delays are not acceptable in a competitive environment. Q: Are continuity plans enough for organisations to be confident that they will be prepared when such disasters do strike? A: The most vital part of a BCP is the testing; unfortunately it is also the weakest. Properly written, well bound plans and procedures are not enough; they have to be accurately tested and validated in realistic conditions to recognise what really happens in a crisis. There has to be continuous training programs and rehearsals for the staff and all process changes need to be tracked and documentation updated for an organisation to assume a culture of readiness. The indexing/sorting system must be meticulously planned and communicated to the users of information in order to keep downtime to a minimum. Q: What are the challenges and barriers when implementing BCP? A: Most organisations have a mental hurdle to jump when it comes to employing BCP. There is a significant lack of corporate commitment towards BCP as many see it as an unnecessary cost and are therefore hesitant to devote adequate resources to see it through. Other problems include the scarcity of skilled people specialising in BCP/DRP, lack of time to meet deadlines, non-cooperation, lack of training and rehearsals and lack of plan maintenance. Q: What is your impression of preparedness strategies of other countries? A: Though people have been talking about and some global companies had BCP and DRP September 11 events triggered off the real necessities of BCP and DRP. New York Stock is a real good example of preparedness, i.e. NYSE was able to resume operations within a matter of hours because they had good BCP and DRP plans and their recovery site was lodged in a State thousands of kilometres away from the site of attack. Q: What would be your critical advice for Sri Lankan businesses? A: Organisations must be serious about BCP and DRP. They must implement right strategies to protect their people, ensure continuity of services/operations and protect their data. Organisations must take conscious note of the value of their data and
processed information because one feels the pain of data loss, only when one
loses data. |
|
|||||||||
| News | Business | Features
| Editorial | Security
| Produced by Lake House |
