 BUSINESS FUNCTION RECOVERY PRIORITIES

Used to recover essential business operations at an alternate location site. This is an offsite strategy that
is put into effect by the Disaster Recovery Teams. IT functions will be restored by the Information
System and IT teams based on critical business

functions.

1. In scenario 1 of a fire at a data centre, during this time, the malfunctioning of operations can
lead to a soft target for hackers. Therefore, beefing up endpoint security, deploying VPNs and
encryption, protecting data is a priority
2. Gap analysis to be carried out to identify the gaps in recovery requirements and current
capabilities
3. The disruption in the supply chain must be mitigated by routing the orders and delivery details
to other plants therefore helping in load sharing. The two-wheeler company being heavily
automated will pose a challenge as the entire system will have to be rebooted to route business
to other plants
4. Manufacturing capacity there at other operational sites to be increased and the IT infrastructure
is to be updated to reflect and coordinate this.
5. Additionally, a new offsite (backup) storage facility is to be identified and its activation to be
coordinated.
6. Tapes, cartridges and large capacity USB drives with integrated data backup software must be
mobilized to ensure continued operations so functioning of other facilities even if dependent on
the affected locations, must continue to function normally.
7. Destruction to plant, property and equipment also require immediate attention to mitigate the
risk to physical assets including IT infrastructures at these sites.
8. Incident stabilization in terms of recovering unaffected/partially affected IT infrastructure.
9. In both cases, another priority would be established lines/channels of communication with
employees and between employees and shift operations temporarily to remote working in order
to respond to delayed orders and communicate with customers efficiently.
10. In both cases, the suppliers, and customers (awaiting delivery for vehicles) must be informed of
the disruption and resulting delay which can mitigate the financial loss.

 RELOCATION STRATEGY

All IT infrastructure and articles obtained partially damaged/unharmed in the fire and flood to be safely
relocated and attempts for restoration at an alternate site to be carried out on priority so as to not
impact operations.

Scenario 1: Fire at Data Centre

Data confidentiality, integrity, and availability to be taken care of through alternate storage and space.
For this, accessible, off-site repository of software and documentation to be set up.

Recovery testing to be set and started so as to return to normalcy

Another data Centre with superior load handling capacity to be identified immediately and all
functions/backed up data to be shifted, hereafter coordinating with facilities and plants in place of the
one struck with disaster

Scenario 2:

All customers to be informed of the delayed delivery dates. Increase in production in an alternate plant
supported to be coordinated and the IT infrastructure to be updated/modified accordingly.

As compared to the fire, the restoration plan in this case might be further delayed and hampered due to
the fact that it might take longer to assess the situation and search for alternative location until the
flood/rain subsides and transport all articles to safety and restore IT ad telecommunication lines as
surrounding areas might also be affected and this disaster might not be firm specific

 ALTERNATE BUSINESS SITE

There can be 4 types of Alternate site:

1. Cold Site: In order to support the IT systems, a cold site normally comprises of a building with enough
room and infrastructure (electric supply, telecommunications connections, and environmental controls).
Raised flooring and other features that are appropriate for IT operations may be present. However, the
longer recovery period compared to other alternative sites and the inability to test its viability before an
actual calamity happens. Also, these sites does not contain IT equipment and office automation
equipment like telephones, copier machines.

2. Warm Site: Warm Sites are office premises that are only partially furnished and have some or all the
necessary technology, software, telecommunications, and power sources. However, the time and effort
needed to resume operation is the main drawback of a warm site in comparison to a hot site.
Consequently, a warm site won't be appropriate for purposes involving crucial transaction processing.

In this case, warm site cannot be considered because:

 Applications cannot be installed or configured on the hardware at the warm site.

 The necessity to recover datasets from backup media.
 In the warm sites, workstations and external telecommunication links might not currently be
available or set up.

3. Hot Site: A hot site is an office that is configured with the required system hardware, supporting
infrastructure, and support staff that are available around-the-clock. It is sized sufficiently to
accommodate system requirements.

Also, a hot site will have:

a. Each program required for remote transaction processing

b. As in the current working environment, all workstations are connected, installed, and
maintained up to date with the newest settings and software.
c. Once a disaster is declared, the hot site service provider will typically be informed to get
ready for the data restoration procedure. The organization's staff will restore the most
 recent backup files and complete the data upgrades when they get to the hot site. It is
possible to restart regular business as soon as possible. The time for healing can be
speed up even more.

Hence, we chose to go with this alternate Business site. Though this method will be quite costly we
assume being a manufacturing 2-wheeler company with heavily IT automated system they will be able
to afford this.

4. Mobile Site: A mobile, self-contained site that has been specially outfitted with the
telecommunications and IT hardware required to meet system requirements is called a mobile site.

The facility is frequently transported on a tractor-trailer, which can be driven to the desired alternative
location and put up there. Mobile sites should typically be designed in advance with the service provider
and a service-level agreement (SLA) should be negotiated between the two parties for them to be a
feasible recovery solution. As it can take a long time to set up a mobile site a full plan and collaboration
are crucial. This will guarantee that the mobile site won't take longer to load during a disaster than what
the system can tolerate. Considering the 2-wheeler manufacturing company with large data this option
cannot be feasible as long wait can have further repercussions on the business meet.

 RECOVERY PLAN

A recovery plan is a structured approach to resume the operations of the organization as efficiently as
possible.

1. Salvage the leftover equipment from the manufacturing plant along with any documentations
and, salvage data and files from the Data center in Mumbai.
2. Appoint a Disaster Recovery Team to implement the Disaster Recovery Plan.
3. Identify the extent of the damage caused to facilities from flooding and fire along with the loss
of critical information from the Mumbai data center and the major manufacturing plant.
4. Identify the immediate deliverables meant to be completed by the manufacturing plant and the
work dependent upon the data stored in the data center of Navi Mumbai and distribute the
workload to backup facilities in alternate locations.
5. Identify and review the current as well as the past disaster recovery procedures to identify
similar incidents and their solutions.
6. Implementation of the restoration plan post approval from the board along with the necessary
budget.

 RECOVERY PHASES
1. Disaster occurrence: The disaster of fire in the Navi Mumbai Data Centre is declared and the
decisions are taken according to the recovery plan. Alternatively, in the case of flooding of a
major plant, the recovery plan is followed.
2. Plan activation: The existing Business Continuity Plan (BCP) is exercised in this phase. In case of
fire in data centre, the plan for continuity of business is executed step by step. The same is for
the case of flooding of plant.
 3. Alternate site operation: This phase will continue till the main site’s problems have been solved
completely and the facilities of the main site are completely restored. In the case of fire in data
centre and flooding of plant, the normal operations will resume only when all the damages done
due to fire and flooding respectively are taken care of and the BCP will be taken into
consideration.
4. Transition into primary site: When the primary facility is ready for normal operational use, the
correct steps need to be taken in order to ensure that all the normal operations are resumed as
usual.

 RECORDS BACKUP

Cloud Backup: A cloud backup approach, also known as online backup, entails transmitting a copy of
your primary data to an off-site server through a public or private network. A third-party service
provider (CSP) often hosts the server and costs according on the amount of bandwidth, capacity, or
users. 

A good-sized company like this can afford a private cloud instead of going to public cloud.

 RESTORATION PLAN

In the event of a facility disruption, critical records located in the Navi Mumbai Data Centre may be
destroyed or inaccessible.  In this case, the last backup of critical records in the secure warehouse would
be transported to the secondary facility.  The number of critical records, which would have to be
reconstructed, will depend on when the last shipment of critical records to the offsite storage location
occurred. Mumbai management will arrange the frequency of rotation of critical records to the offsite
storage site. The following categories of information can be exposed to loss:

1. Any files stored on-site in file cabinets and control file rooms- Old sales records, tax papers,
business deals .
2. Information stored on local PC hard drives – Client information, Order information.
3. Any work in progress – New vehicle designs being worked upon.
4. Received and un-opened mail – Client query, business queries.
5. Documents in offices, work cubes and files – day to day information, suppliers’ information
6. Off-site records stored in the Records Warehouse (if this is not a secure, hardened facility) –
details about manufacturing plants, business growth plans , proposals , dealers information .

For manufacturing plant:

Apart from the Work in progress material and machinery, there is a high probability have the flooded
plant had information regarding, received raw materials, dispatched finished goods , daily wages and
staff management records and plans.

 RECOVERY TEAMS

In the event of a facility disruption, the IT Disaster Recovery Plan strategy should be to assist in re-
establishing connectivity to all departments and to establish remote communications to any alternate
business site location. In the current data centre is affected by a fire and plant disruption, the IT Disaster
Recovery Plan should include recovering processing at a pre-determined alternate site. In this case, data
communications will be rerouted from the data processing hot or cold site to the respective alternate
business site locations.

1. For affected locations it is necessary to contact your respective Information Technology

department in order for the team to initiate action.
2. The data centre may or may not have the same print capability if the disruption affected the
data centre badly, so it may be necessary to prioritize printing of output. The EOC
Administration Team in conjunction with designated delivery/courier services will distribute mail
to all alternate business sites and plants.
3. Every data centre and department (Admin , HR , ..) in headquarters at Mumbai should have a
Department specific recovery team , with a Team lead , backup lead and members , whose
responsibilities are defined in appendices along with phone numbers.

Responsibility of IT Recovery Team-

4. Putting the IT Technology Recovery Plan into Action

5. Managing the IT catastrophe recovery and response protocols.
6. IT resource mobilisation and management
7. Coordination of all communications-related activities with telephone and data communications,
PC and LAN support people, and other IT-related vendors as needed.
8. Assisting with the acquisition and installation of equipment at the recovery site if needed.
9. Ensure that cellular phones and other special order equipment and supplies are delivered to
teams on time.
10. Participating in equipment and facility testing.
11. As needed, assist in the transfer of operations from the alternate site.
12. Coordination of recovery location.
13. Coordination and execution of all desktop PCs, LANs, telephones, and telecommunications
access repair or replacement at the damaged location.
14. Disaster Recovery/IT Coordination

 RECOVERY PROCEDURE

 Assess damage
 Recovery Time Objective (RTO) – The maximum time that the automobile company should be
able to tolerate is 1-2 days and Recovery Point Objective (RPO) - the amount of data that the
firm can afford to lose is that of more than 8 years ago as per gov requirements.
Identifying Critical (Material present in plant for insurance claims, client data , pending order
data ), important, and unimportant data for the company.
The BCP indicates both these and makes it easier to assess the damage for the responsible.
2. Stabilize the situation and Begin salvage operations
This includes notification to the management at all levels , all recovery teams and calling off for
help.- Backup, saving physicals components , because of the significance, disruption, and cost of
declaring a disaster, appropriate facts should be gathered and considered before making the
decision to declare a disaster. Individual groups/department personnel or the respective
Department Management Teams should not unilaterally decide to declare a disaster.  This is
responsibility of the Emergency Management Team.
3. Begin restoration procedures
This stage includes relocation to alternate site, depending on the amount of vital records and
other materials teams are able to retrieve from the primary site, arrangements to transport this
material to the alternate site. If the material is not too great, this could be accomplished by
giving to employees to carry along with them.  If the material is a large amount, then make
arrangements for transport services and/or overnight courier services. Management and critical
employees travel to alternate site.
4. Resume operations
Regular work begins at alternate sites along with searching which vital records, forms, and
supplies are missing and also the restoration continues.