Tech DD

Are you prepared ?

As an investment fund, how do you ensure that the entity you are investing is prepared to face the unexpected and unannounced calamities - from covid to a war?

In this article, we explain you what to look for in BCP/DR while doing the due diligences.

BCP / DR policies and procedures is One of the critical control category we cover during our Tech DD cycles for investment funds. For those who are unaware, BCP / DR stands for “Business Continuity Plan and Disaster Recovery”.BCP and DR are somewhat 2 different aspects but they are essentially 2 sides of same coin !

Let’s first understand what it means and why is it so important.

Business Continuity Plan refers to strategies, policies and procedures that enable a business continue operate (business as usual) during and immediately after a disaster. It is a blueprint for guiding business operations during recovery from disastrous situation or business interruption.

Disaster Recovery is preparing for recovery in case business is interrupted. It refers to having ability to recover. It includes what steps to be taken and by whom, when disaster happens.

Why is it important ?

  • To ensure business continues as usual in-spite of disaster
  • To ensure customer’s trust in the brand
  • To ensure business is not lost to competitors
  • To safeguard against monetary loss during disaster
  • To safeguard against data loss during disaster
  • To ensure high performance and availability while business scales

What goes in ?

It is true that not all businesses will need both – BCP and DR. But business must at least know what goes in BCP / DR and then decide what suits best.

  • Identifying what are critical workflows that must be running always Identifying whether the business has regulatory or compliance obligations to cover BCP / DR
  • Identifying team / owners who shall execute the plan in case of disaster
  • Identifying budget that can be allocated for replica / secondary site that can be made available when primary goes down
  • Identifying what all business functions need to be recovered e.g. Tech platform that generates the business must be recovered but functions like Marketing & sales, HR, Legal can wait until the operations are restored.
  • Preparing organizational policy for BCP /DR
  • Making the policy available to all team members
  • Communication plan to inform all stakeholders about the disaster when it happens
  • Steps to execute when disaster happens
  • Staff training
  • Partnership with local emergency response services
  • Regular audit and updating to the policy
  • Periodic testing, documenting and improvising the plan

Business can also appoint expert consultants who can help them derive BCP / DR plan suitable to their business.
With a plan that is strategically prepared, tested, and updated on a regular basis, businesses should be able to handle disasters without loosing customer trust in their brand.