Information Security Group
|
Business Continuity Management > Business Continuity, ICT/DR & Crisis Management

Introduction to the Global Business Continuity Activities

The Global Business Continuity Unit – engaged in organization wide continuity and resilience initiatives. The three important activities include Plan, Test, & Resolve. Strategic direction, integration with business needs, world best practices, customer assurance, establishing operational and organizational resilience are the strategic areas the Unit caters to. The Global Business Continuity & Resilience Authority implements and provides oversight through BCP/DR competent and certified practitioners across Delivery units, Support Services and Support Functions, Technical Infrastructure teams, CIO application administrators and suppliers.

Introduction to the Global Business Continuity organization structure

The organization structure of the Global Business Continuity Management Unit is provided below. The Unit rolls up to the CISO. The Function head leads the Unit. The Unit has multiple streams. COPS – is the Continuity operational planning stream which engages for the complete program. The GBC Oversight Actions include consulting and business continuity integrated plan review and availability risk indicators in the global risk register. The Corporate Testing Stream engages in corporate tests, drills, exercises through mechanized tools. Provides support for oversight to the Technical infrastructure team on request, Business units as well as support groups. Plan documentation, Tool support and Interconnect initiatives through our shared services model continues for RFP, Systems Interconnect, ICT/DR, Event management, Bespoke notifications and organization wide business continuity and disaster recovery activities.

Tech Mahindra business continuity management system governance is exhibited below. Best practices for business continuity planning, recovery strategy identification, plan documentation and testing are inclusive. Tech Mahindra maintains the business continuity and disaster recovery plans in LIGHTHOUSE an in-house developed toolkit. The Governance framework is hosted on the Business Management System (BMS). The Intranet Site is a ready reference for processes, guidelines and practices to follow step by step activities and achieve a successful, consistent Continuity planning efforts marching towards operational resilience and organizational resilience.

Glossary of Important Business Continuity Terms

Term Name Description
BC Business Continuity is abbriviated as BC
BCP Business continuity planning is the set of actions which include the ERP, DRP, recovery, restoration, resumption and return to normal operating conditions
BCP REP Business Continuity Planning Rep is abbriviated as BCP REP
BCP/DR REP Business Continuity Planning / Disaster Recovery Representative is abbriviated as BCP/DR Rep
BESPOKE NOTIFICATION A bespoke notification is a customized notification provided by the Global Business Continuity team during proximity or ongoing disruptions
BHR Business Human Resource Representative is abbriviated as BHR
BI Business Intelligence Views and Platform is referred as BI
CALLTREE CALLTREE is the framework and methodology to transmit a TWO WAY communication to seek acknowledgement of people safety OR a communication to receive an acknowledgement of ACTIONS DONE before, during, after the DISRUPTIVE or POTENTIAL DISRUPTIVE event
CHC Critical head count or Contingency head count are the critical human resources required to ensure that the function can meet minimum operating levels
CHECKPOINT A check point is an assessment conducted throught MSFORMS integrated with ENS / POSTMAN to assess business continuity impact analysis from the target project managers and related stake holders
CIO Team Chief Information Officer led team manages the Corporate Applications. This team is abbriviated as the CIO Team
CIO-TIM Technical Infrastructure Management team is represented as CIO-TIM or TIM
CORPORATE TEST A Corporate Test is any test / drill conducted by the Global Business Continuity Team utilizing Mechanized Tools for ensuring that organization resilience is tested, validated continuously
CORPORTE HR Corproate HR is the Corpoarte Human resource department for the organization
Critical Function A function which is essentially required to be operational to ensure minimum operating levels of the organization to meet essential services or/and minimum products, services, deliverables is a critical function. Example : Production support projects, TIM support, Corporate Services, Facilities
CS Corporate Services team is represented as CS
DEPENDENCY Any internal or external dependency either in Work from Office , Work from Home or Work from Customer location is identified as a dependency
DR REP Disaster Recovery Representative is abbriviated as DR REP
DRP Disaster recovery procedure is a set of actions which are executed to ensure that the minimum operating levels are met by enabling the critical functions to being operations to meet minimum operating levels
EHD Emergency / Employee Help Desk is abbriviated as EHD. Personal Security Issues, Accident Trauma, Medical Emergencies are reported on the Toll Free numbers
ENS Emergency notification System is abbriviated as ENS. This is a mechanized tool for CALLTREE
ERP Emergency response procedure is a set of actions done from the time the event is notified until people safety and assets are protected. Example: Evacuation of the building
ERT MEMBER ERT Member is the Emergency Response Team member who is engaged to enable a quick and safe evacuation of the building. Helping the ERT member is important. Self Nominating yourself as an ERT member can be done by registering with the Corpoarte Services
EVACUATION DRILL In the event of a FIRE or SAFETY the drill conducted to enable awareness of the evacuation process is an Evacuation Drill. Participation is mandatory for every occupant of the building.
EVENT A disruption which has the ability to cause disruption either to People, Environments, Geo-political aspects, Asset Protection, Premise non-accessability or disruption, Business Continuity and service continuity is known as an EVENT
EXTERNAL DEPENDENCY External to organization dependent supplier upport services, supplier teams, Customer teams, resources, IT infrastructure, premises, Facilities, Services are considered as internal dependencies
EXTERNAL SERVICES These are services which are always required to be available with in-build resilience to achieve minimum operating levels – Example : Power, Water, Data Communication services, Computing environments
FASTQ This is the distribution list for the First Assessment Team Queue by the Global Business Continuity Team
Function Any business process, IT project, knowledge management process or functional process is termed as a FUNCTION
FUNCTION BCP/DR Rep The Function Business Continuity Planning and Disaster Recovery Representative is abbriviated as the Function BCP/DR Rep
GBC Global Business Continuity is the team name which is the authority to institutiionalize the Business Continuity and Disater Recovery for the Company
GBC LIBRARY The Global Business Continuity Library which hosts HELP AID's for LIGHTHOUSE and BUSINESS CONTINUITY / ICT / SYSTEM DR activities is referred as GBC LIBRARY in the DASHBOARD / LIGHTHOUSE
GRR The Global Risk Register is abbriviated as GRR
HC This abbreivation represents the Head count. In BCP Plans the head count of only the associates who are engaged in the important activities must be indicated. The manager head count also to be considered as appropriate
HUB HUB is the abbriviated form to indicate that a service now ticket must be logged in for services/support
INTERNAL COMMS Internal Communications Team supports the organization for All Staff Communication needs and Human Resource Communication across the organization
INTERNAL DEPENDENCY Internal to organization dependent support services, teams, IT infrastructure, premises, Facilities, Services are considered as internal dependencies
LHR Location Human Resource Representative is abbriviated as LHR
LIGHTHOUSE LIGHTHOUSE is the Business Continuity Documentation, Testing and System of Record for the company
LOCATION BCP/DR Rep The Location Business Continuity Planning and Disaster Recovery Representative is abbriviated as the Function BCP/DR Rep
LOCATION COUNCIL The Location Council is the body at every building / premise which ensures that the location security, infrastructure, general management, delivery management and business continuity for occupants is governed. Members in the Location Council include representatives from support groups, services and service line delivery units
LOCATION CS HEAD Location Corprate Services Head is represented as Location CS Head
LOCATION CS TEAM Location Corporate Services Team is represented as Location CS Team
MAO The maximum acceptable outage is the time beyond which the business cannot sustain operations. (ISO22301:2012 guideline)
MSA Master Service Agreement is abbriviated as MSA for contracts with the customer for delivery of work products, projects
MECHANIZED CALL TREE The Call tree executed from ENS / POSTMAN is the mechanized call tree
MEDIA SPOKESPERSON The MEDIA SPOKESPERSON is the only authorized personnel to engage with the press media, social media, external agencies
NOTIFICATION A communication from the Global Business Continuity Team is technically referred to as a NOTIFICATION
ONE BCM ONE BCM is the list of Quick Access to exhibit the Business Continuity Plan, Test Results , ANYTIME PLAN VIEW for Audits, Assessments, Internal Audits, Customers
ONE WAY MESSAGE A One Way message is the message which is transmitted from POSTMAN without a survey URL for response.
POSTMAN POSTMAN is the mass communication and crisis communication toolkit. This is a mechanized tool for communicating mass messages in one way or two way
POTENTIAL PROXIMITY EVENT An event which has a potential to escalate to an event near or close to the proimity to the premise, locality, region is known as a potential proximity event.
PROXIMITY EVENT An event which is in proimity to the premise, locality, region is known as a proximity event
PROXY PM A representative of the Project Manager for an action in LIGHTHOUSE has a role of PROXY PM
REPORT CENTRAL Report Central is a sub-utility page holder to provide reports for Tests and Other administrative actions in LIGHTHOUSE
RISK REGISTER The register which maintains the idenfied risks and mitigation plans assocaited with the risk is termed as a RISK REGISTER
RISK TICKET A ticket which is focused on RISK identification is known as a RISK TICKET as a family
RTP Risk Treatment Plan is abbriviated as a RTP
SAA Safe Assembly Area. This is a demarcated area around the building marked for assocaites to assemble when the building is evacuated
SITUATION UPDATE A progressive communication from the Global Business Continuity TEAM is technically referred to as a SITUATION UPDATE
SNOW Service Now ticket is represented as SNOW
TICKET A document which indicates a need of a service or a request to remidiate a risk is termed as TICKET
TRAVEL DESK Travel Desk enables and facilitates Travel Domestic and International
TRAVEL SECURTY Travel Security is related to security for people who are in transit either in national or internaltional travel or local transit
TWO WAY MESSAGE A TWO WAY message is the message which is transmitted from ENS / POSTMAN with a survey URL for response.
VISA CELL Visa management is controlled by VISA CELL
1. Business Continuity Planning

The business continuity plan is documented, tested, and reviewed utilizing an in-house application “LIGHTHOUSE”.

LIGHTHOUSE provides screens as well as a host of integrated tools to complete the life cycle of business continuity management.

LIGHTHOUSE is the system of record for meeting adequacy to the business continuity management system.



Login in to LIGHTHOUSE : Follow the Screen below


2. Business Impact Analysis

Business impact analysis is a process which enables the function owner to assess and identify the critical, important business services in the operations.

The Business impact analysis process includes the following:

  • Identification of the criticality of the activity by assessing impact across specific attributes
  • Documenting the head count, contingency head count, IT Needs, Non-IT needs, Internal Support Dependencies, External Supplier dependencies
  • Documentation of Recovery Time Objective and Recovery Point objective
  • Documentation of Internal delivery requirements and support requirements
  • Identification and assessment of dependencies from and on customer entities, partner entities, relevant interested parties, infrastructure, service providers enabling Internet services, Cloud Services, Application hosting services and required digital technology services.
  • Alignment of recovery strategies, models to meet requirements of customers, regulations, contractual, legal, and business requirements.

The pictorial representation provides a view to perform the assessment across multiple steps.

3. Recovery Time Objective

Recovery time objective is the time by which the service essentially requires to begin and deliver the minimum operating level and important activities post a disruption.

A representation of the recovery time objective (RTO), recovery point objective (RPO) data capture in LIGHTHOUSE.

The Memorandum of Understanding (MOU) enables the integration of support services required by support, delivery as well as service organizations in the enterprise the ability to meet the recovery point objectives as well as recovery time objective.

The Memorandum of Understanding (MOU) is an internal agreement between the business continuity plan owner and the internal support service group provider. External supplier engagements and contracts are through the business unit, support function, procurement teams. Testing of the memorandum of understanding, external suppliers is validated by the respective business continuity plan owner in the business recovery tests scheduled, owned, executed by the respective plan owner and relevant dependency owner interested group.

4. Minimum Operating Level (Contingency Head Count / Critical Head Count & Resources)

The minimum operating level is the number of resources which includes the contingency head count or critical head count to recover the operation and begin services within the Recovery Time Objective (RTO).

To meet the Recovery Time Objective (RTO) , the Recovery Point Objective (RPO) has to be met so that the ICT / Systems Applications are available.

To meet both the Recovery Time Objective (RTO) and the Recovery Point Objective (RPO) the contingency head count is required to be available for continuing services.

Key factors to consider and attention essential are provided as an exhibit.

5. Recovery Models and Recovery Strategies

To enable continuity business services continuity recovery models as well as strategies are documented and tested.

Multiple recovery models and strategies are required to be documented and tested to have a resilient business service.

The cost effectiveness of the recovery model and strategies must be discussed with the customers, stakeholders, and associated interested parties.

Documentation of the recovery model and strategy can only provide an assurance of being capable of recovering after BUSINESS RECOVERY TESTING is exercised by the plan owner engaging all direct and indirect dependencies and relevant interested parties.

Without TESTING the documented recovery model and strategy cannot provide an assurance that the model or strategy will work.

The test results are shared with teams as well as with customers to improve the capabilities as well as mitigate risks from learnings. Scheduling, Testing, Results, and associated Help Aid’s are available in LIGHTHOUSE. Utilizing the same is a vital and essential action for all Business Continuity Plan Owners

6. Business Continuity Plan Documentation and Steps

LIGHTHOUSE the system of record and the business continuity planning toolkit developed in-house. A quick view of the steps followed to document the business continuity plan is below.

7. ICT / Systems Disaster Recovery Plan Documentation & Testing

ICT (Information and Communications Technologies) / Systems Disaster Recovery planning and testing is integrated in LIGHTHOUSE. The documentation for the disaster recovery of systems is provided below as an exhibit. There are multiple templates and tests which are required to be executed by engaging stake holders.


8. Business Continuity Plan, ICT/ Systems Disaster Recovery Plan, & Supplier Continuity Plan Testing

Business continuity plans, ICT/Systems Disaster Recovery plan and supplier continuity plan provide an assurance of recovery capability of the documented plan only when TESTED. An exhibit providing a snapshot of the testing regime is a reference.

9. Testing Business Continuity and Disaster Recovery Plans provide a continuous assurance of readiness and capability to recover during disruptive events.
  • Testing continuity plans enables the plan owner to be assured that the documented plan and steps enable the business to respond, communicate, recover and restore services.
  • The validation of meeting the recovery point objective, recovery time objective provides assurance of the business continuity capability. Testing is conducted which engages people, business operations, services delivery from internal and external suppliers, support function, internal delivery units and partners.

Important actions to be followed in order that auditors, customers, assessors can value the efforts taken to schedule, conduct, learn from Business Continuity Recovery Test, Drills, Exercises and provide positive feedback. Adequate records, evidences exhibits a positive business continuity readiness posture for the company, the business unit as well as the project team.


10. Business Continuity Plan / ICT Systems DR Plan Sign off.

The Business Continuity Plan / ICT Systems DR Plan sign off is an essential vital record in the system as well as in the vital records repository. This sign off provides an assurance that the business continuity plan is documented adequately, tested adequately, reviewed, and refreshed as well as available for recovery of business. This also ensures and assures that the documentation is a living document and vital records are up to date for retrieval and activation as per requirements.

The customer / customer representative reviews the project roll up plan, test results and learning prior to signing off for the annual cycle of customer review.

The compliance representative signs off the plan from a adequacy and completion of all aspects related to risk mitigation and activities associated to contract compliance and business needs

The business head signs off after the compliance and customer representative signs off to complete the system of record entry in the business continuity planning system LIGHTHOUSE.

It is important to note that auditors, customers, third party assessors, regulators verify the sign off for business continuity plans not limited to documentation but also vital records as well as test results, learning, risks and risk treatment and fulfillment actions from accountable owners.

11. Crisis Management & Crisis Communication

The overall view of the crisis management is represented below. Crisis management engages teams across the company, locations, leadership. The Global Business Continuity Management Team steers crisis with respect to directing bespoke event management during potential and business disruption.


The organizational call tree is mechanized through Lighthouse -> ENS (Emergency Notification System) and POSTMAN ( Mass Notification System).

These systems enable a two-way acknowledgement survey integrated response and communication capability to seek acknowledgement from associates for People Safety and Availability. This is a standard companywide corporate utility which is deployed for global mechanized & business recovery testing , as well as before, during, and after a potential disruption.


The Event Management Flow to assess the situation and enable the bespoke notifications and line of action enabling People Safety, Asset Protection, Environment Safety and Continuity of Services protecting Organization Reputation is below as a quick view.


The Crisis Communication for associates is engaged by the Internal Communications Team and Human Resources, External & Social Media Communication is managed by the Media Spokes Person and Global Corporate Communications Team. Global Business Continuity Team continues to provide bespoke situation update notifications to enable business, support teams, location councils provide direction to local teams. Business to Customer Communication is engaged by the respective business unit and support from the corporate communications team, internal communications team, marketing teams as appropriate.

The Corporate Crisis Management Practice exhibits below the actions after an event is reported to have disruptive business impact on operations. Actions of the Global Business Continuity team engaging the First assessment team and providing bespoke notifications as well as Checkpoint assessments is visualized.

The Location Council, assessment of council members and premises, people, business availability along with updates to the Executive Leadership Council is presented in the flow.

The Executive Leadership Council actions and decision-making process as well as crisis communication to customers, external media and social media is represented in the quick view exhibit.

Utilization of point tools – Lighthouse for business continuity plans, ENS for Emergency notifications and mechanized call tree, POSTMAN for mass communication capabilities during crisis. In case of technology failures, the conventional call tree methodology is followed through the people managers ensuring people safety, availability, and continuity of important services.

12. Business Continuity Integrated View for Customers

A snapshot of the business continuity, ICT/Systems DR interconnect integrated with Facilities , Support and Crisis Management and Communication is exhibited below.

Recovery models for returning business to operations in Hybrid, Work from Office, Work from Home (Remote) or as per Customer direction must be implemented post risk assessment and necessary preparedness for continuity of business.

In view of this multiple options can be chosen. It is important to remember that resilience is an outcome only when business is continuous. Multiple strategies enable continuous business and continuous profits.

The Project Manager is accountable to establish the recovery model in consultation with the business head, customer representative, compliance rep, Global Business continuity team and support teams Corporate Services, Technical Infrastructure, Management , Human Resources, Resource Management team and Location Building managers for Hybrid model, Work from office and other models. Applicable Memorandum of Understanding (MoU) must be signed for new services / upgraded if already exists.

The below pictorial representation provides an overview of the check points as well as considerations to establish a resilient business environment.

For More Info Contact

Name Email Address
Harsha Sastry Head – Business Continuity Global Unit harsha.sastry@techmahindra.com
Global Business Continuity Team Shivani, Javed, Shahid, Jayesh, Harsha globalbusinesscontinuity@techmahindra.com
Copyright © Tech Mahindra Limited. All Rights Reserved