What has been your BCP strategy in the aftermath of the COVID-19 outbreak in India ?
We have implemented a robust BCP plan for the organization. It is approved by the external audit agency and our board. Once we understood the gravity of the situation after COVID-19 outbreak across the country, our preparedness for ‘Work from Home’ for all employees kicked off on March 20. The objective was to protect the employees as per the Government guidelines; business continuity should not be affected and customers should not face any hindrance in claim intimation and renewal of policies.
We had met a similar challenge during the fire tragedy at IOC in 2009. Our support office was adjacent to the place of fire. We had learned the lessons then. In fact, the situation was much grave then than now. So we were very confident of making all the necessary arrangements.
In the last two years, the focus had shifted more on online as well as digital platform. So, we were optimistic that business sourcing will not be a big challenge. We are effectively using mobile apps as well as online platforms developed by Novac Technology Systems (NTS), which is contributing almost 70% of total business done in a month. These services are working through Secure Socket Layer (SSL). We have dedicated SOC team at Chennai. The centre is constantly monitoring through state-of-the-art surveillance systems.
Further, we have added new threat indicators and advisories to tackle cyber threats around COVID19. Response teams are on high alert to support clients round the clock.
We have empowered the support office staff from the underwriting, claims, actuary, customer helpdesk, accounts and payout departments to work from home through SSL VPN tunnel through DLP (Data leak Prevention) software, with restricted access and few users through VPN tunnel with two factor authentication. Thus, the security aspect is also looked in to avoid any kind of glitch at a later stage.
As we are premier users of Google Suite, we use Google Hangout to do Video conference. The respective stakeholders are using hangouts effectively to interact with their subordinates. All the users are using Wi-fi data cards as well as mobile data packs to connect from their respective homes.
We have a dedicated security and network management team at our support office.
What kind of content can be shared when all of your employees are working from home ?
We have classified our data as public and private. Public data is being transferred through e-mail and confidential data is being sent through DRM – Digital Rights management software.
There are desktop users who are critical users. For them we have given laptop, which connects to the office desktop through the laptop we have provided. They can neither copy from or into the laptop.
For how many days have you procured the necessary resources for all the employees working from home ?
We had provided laptops and tablets to few key users the day we stepped into the digital platform. We had very good vendor tie-ups and in a span of two days we got additional laptops to connect from home. Some laptops hired on a rental basis and many are fresh purchases. Now our entire system is operational, the employees are safe and working from home effectively.
Is there any time window for which the network resources will be made available during the day?
Our support office as well as branch locations are well equipped with dual internet leased line (ILL) system. The Data center is equipped with more than 1 Gbps bandwidth to handle any kind of network load. Network load balancer is also implemented to handle such scenarios. Dedicated Network engineers are available in the NOC round the clock monitoring any kind of network outages and coordinating with concerned ISPs for restoration.
Your BCP plan is as per the recommendations of which industry body / vendor / international convention, etc ?
Our BCP plan is as per ISO 27001:2013 guidelines and reviewed by external auditor like TUV-SUD Germany every year. It is also approved by the board of directors.
Additionally, we have automated the whole process, in an Automation tool. We can move the application anytime, without any manual work with limited resource.
How will employee attendance be posted in the system?
Our employee attendance system is web based and available on the mobile platform. When working from home, we have enabled Web Punch in both the facilities to capture the exact date and time for both IN and OUT in the system. Also it will make the user to capture geo location of that area, which will be recorded for attendance calculation for payroll department.
What about the feet on street, now since they will work from home and not make customer visits, are they doing virtual customer meets?
Our marketing team is well versed with the digital platform and they are effectively them. We have also made our foot print ready on WhatsApp. Customers are sending documents through WhatsApp and they can be tagged during policy sourcing through Mobile apps. Similarly policy documents are being dispatched through WhatsApp and email too.
For backend operations, how far have you reached in exploring the public cloud option ?
We are yet to make our foot print on public cloud as there are few challenges on the regulatory and compliance front. Although few insurers have started their entire operation on public cloud, we have taken a cautious stance. We are evaluating and doing proof of concept now. We will adopt public cloud after adhering to compliance requirements.