Development and Implementation of Information Protection, Business Continuity and Disaster Recovery Plans for a Pharmaceutical Company
When the world's largest pharmaceutical company wanted to protect their information assets and reduce security risks associated with IT, they approached Mahindra Satyam to seek assistance in creating an Information Protection Plan (IPP), Business Continuity Plan (BCP), and Disaster Recovery Plan (DRP). The idea was to strengthen security and create awareness among employees related to information security awareness. The company had invested $7.68 billion towards research and development because of which it was important to secure their information assets. Mahindra Satyam started the projects and was immediately faced with some challenges. To start with, the solution needed to be customized because the customer had country-specific requirements that were different for different points across the company. Therefore, Mahindra Satyam was required to train business users to understand the classification of information assets by explaining a Risk Assessment (RA) methodology. They also had to facilitate the BCP/DRP plan tests and then document the processes and plans. Mahindra Satyam chose three consultants and used its experience of developing and implementing Business Continuity (BC) and Disaster Recovery (DR) plans using the CoMBAT methodology. The biotechnology firm also created teams within countries that consisted IT personnel and representatives from different critical business functions. The entire process involved collaborative development of the IPP, BCP and DR plans. Consultants worked with the core teams to perform process mapping and information object identification; business impact analysis; risk assessment; and gap assessment.