1

Business Continuity Plan

This plan is roadmap to provide continuous operation of critical business functions under predefined circumstances.

The misfortune of Mumbai city causing numerous natural or intentional disasters and in past few years and in the recent past has impacted the corporate world. CEOs are now dead serious about securing their prized assets, data, clients, manpower and infrastructure. While concepts like Disaster Recovery (DR) aren't new, the issue of Business Continuity (BC) has suddenly gained importance. We at Integreon have a BCP plan that addresses all such risks and secures systems that are vital to business operations.

A Professional agency conducted a survey to check the preparedness of Indian industry. The results of the survey were shocking:

79 percent of the respondents do not have a documented and tested BCM (Business Continuity Management) plan.

Among the respondents highly dependent on IT, 64 percent do not have a corporate-wide BCM plan in place to address business disruption risks.

A Gartner Research report titled 'What is Crisis Management' indicates something similar. Gartner says 85 percent of Global 2000 enterprises have established a disaster recovery plan for core technology and infrastructure, but only 15 percent have a full-fledged business continuity plan. In another report Gartner projects that by 2007 more than 70 percent of large enterprises will have invested in business continuity planning compared to fewer than 25 percent today.

While everyone stresses the importance of BCP and DRP, few Indian organizations actually get down to documenting, implementing and testing it. Mumbai is a fairly risk-prone city. We've had natural disasters but we've always recovered from these. This attitude has been the same in the corporate world.

Imperative it is for us who are heavily dependent on IT infrastructure and manpower to design and implement a Business Continuity Plan (BCP). Integreon Managed Solutions Admin understands this need of the hour and its importance and this document is an earnest effort in this direction.

Scope

The following was the methodology for creating this Business Continuity Plan:

Assessments

Identify critical processes, systems and resources Classify disruptions in terms of business impacts and estimated duration of

outage Prioritize business functions and processes by impact category

2

Establish Maximum Tolerable Outage and Recovery Time Objectives for critical business functions

Document internal and external operational and site risks Document state of preparedness and mitigation opportunities Evaluate and document vulnerability to physical and/or data security Evaluate current contingency plans and document short-falls and

opportunities for enhancement

RecommendationsEvaluate and document technology backup considerations including alternative sites, transport and telecommunications and transport requirements

Recommend BCM policy guidelines for enterprise Design and recommend crisis management infrastructure Design and recommend organizational considerations Identify and recommend process improvement opportunities Identify and recommend new tools that can be employed Evaluate existing business continuity plans and recommend enhancements

Our BCP necessitates the provisioning for redundancies at all levels. This includes not just servers, storage, networking equipment and connectivity links, but also other infrastructure services like cafeteria, transport and power supplies. The plan will cover all risks that could possibly affect our business and ensure business continuity ranging for a few hours to days. The plan ensures continued availability, reliability, and recoverability of resources and provides an enterprise-wide risk-based approach, covering People, Processes, and Technology and Extended services to ensure continuing availability of business support systems and minimize disruption risks. Highest level of seriousness for business continuity is reflected to meet the stringentrequirements of our clients providing round-the-clock support, including the plan to move employees to the BCP site and resume operations in the advent of an emergency in a matter of hours.

The disaster factors considered in the preparation of the BCP are:

3

POWER

BCP for Power in event of Fire, Flood or any other emergency:

Power Sources: There are three sources of power available to us at Andheri:

1. Primary Raw Power – Supplier Reliance Energy.2. In-house Uninterrupted Power Supply “UPS” 3. A 125 KVA Diesel generated set located out on the ground level of

Tradestar Premises.

Power Operation:

Primary Reliance ----- UPS ----- Server’s & Systems

The average consumption of power in terms of unit consumed for Andheri is ________ units.

The primary power supply’s main panel is located in the basement of our premises along with switchover panel from primary power to DG set and back. If the elevators are working the approx time taken to reach the panel is 5 mins* (including waiting time for the elevator). The route is generally avoided, by staircase it takes about 3 minutes (this route is the primary route taken in case of a primary power failure.

Normal Primary Power Supply

4

Primary Power Supply Failure:In case of Primary Power Supply Failure, due to non-availability of automated switch over to DG set-UPS supplies the power to all the Servers, Desktops, and printers. Each room/hub at Andheri delivery center is equipped with emergency light, which operates on rechargeable batteries (charged automatically when primary power is on). In event of Primary Power failure while the UPS supplies power to Servers, Desktops, and printers, the emergency light supply adequate light to the rooms/hub.

There exists a visual mechanism at the security desk that indicates the primary power failure. The housekeeping staffs along with the security guards are trained to operate the DG set and to respond with utmost urgency switch it on DG set. This process normally takes about 5 to 7 mins. The UPS provides power to Servers, Desktops, and printers as under:

100% load – 10 to 15 mins* 75% load – 15 to 20 mins* 50% load - 20 to 27 mins*

*based on actual experience.

Diesel Generator Set:

The 125 Kva diesel generator set is located on an elevated platform (approx 4 feet from the ground) with the building premises.

5

The diesel generator set is manually operated. The approx time taken to start the DG set is about 6 to 7 mins. The entire house keeping staff and security staff is trained to operate the DG Set. The DG set holds approx 125 liters of diesel in its tank and additionally we store around 200 liters, this ensures smooth and continuous power supply for about 12 hours.

We have a Diesel Gas Station at about 700 meters from diesel set who supplies us diesel on demand to feed the generator for longer haul.

6

Backup DG Set:

Incase, of Diesel Generator set failure, we have contracted with a vendor to supply us with a mobile diesel generator set.

Manpower Planning

Every company has employees it considers "critical Assets" or "key Assets". What if some of our employees refused to come to the office during an infectious disease (ID) epidemic, claiming their jobs just weren't worth risking their lives--or the health of their families?

How many people in our company's IT department, for example, should be considered "critical"? If the file server crashed, or if the e-mail system went down we can see this will get a bit thorny...

A report says, inter-alia other findings, that most companies won't consider adjusting employee compensation:

"...results show that the majority of respondents are unlikely to increase compensation for employees taking on additional responsibilities to maintain business-critical activities. Only 26 percent indicated they would provide an increase in compensation for employees taking on additional responsibilities."

In the U.S., it was 39 percent; in the U.K. and Hong Kong, the rate was just 17 percent.

It can be assumed that's its 'whistling past the graveyard'. We have just not yet experienced the real impact of a single human point-of-failure.

In order to tackle this problem and to put to rest the fears of our associates their report says, inter-alia, that most companies won't consider adjusting employee compensation:

"...results show that the majority of respondents are unlikely to increase compensation for employees taking on additional responsibilities to maintain business-critical activities. Only 26 percent indicated they would provide an increase in compensation for employees taking on additional responsibilities."

In the U.S., it was 39 percent; in the U.K. and Hong Kong, the rate was just 17 percent.

It can be assumed that's its 'whistling past the graveyard'. We have just not yet experienced the real impact of a single human point-of-failure. We have rigidly fought all emergencies head on.

It seems obvious that for functions that only one person knows how to do, or is the only person authorized to do, or is the only one who will do, we will eventually say, effectively, 'We'll do whatever you ask to get you to do the work. What do we have to do?'

We respond by "offering home pick-ups and ensuring proper overnight living conditions coupled with proper medical setup available to take care of any

7

contingency".

It wasn't compensation that employees were talking about during the SARS outbreak in Asia in 2003. It was personal and family safety. It will be in a future epidemic, too.

So, we at Integreon offer inducements to our employees that address personal health and safety fears.

Family Safety

Integreon offers medical insurance up to 100000 INR. This encourages our associates to come to work knowing that they and their family members are insured and medically taken care of. And we stand a better chance of persuading that employee to come to the office.

Personal Safety

We offer a private car and driver to transport all our associates to and from work.

Safe work Environment

We offer a disinfected room in which to work at the office. A proactive team of housekeeping staff works 24x7 insuring cleanliness and high standard of hygiene using disinfectants to ensure complete and totally safe and hygienic working conditions.

2. "Knobs, handles and buttons": the most common route of transmission for influenza is touch. To inhibit the spread of disease, the cleaning crew uses alcohol on door knobs, FAX machine keys, copier machine buttons, the coffee-dispenser buttons, faucet handles in the toilet, telephone handsets... you get the idea. Cleaning is a continuous process at Integreon

3. Personal protective equipment (PPE) like masks is available and made mandatory in times of an epidemic.

Shift Scheduling:

The shift leads of all operating hubs, on an ongoing basis create their shift schedule keeping the above model in consideration in anticipation of disruptive situation. Hence, their talent mix is maintained to an optimum level ensuring proper availability of associates to ensure business continuity.

Crisis Communication

In times of crisis communication is of the essence

Transport

We have at our disposal a fleet of 8 five seated Sumo’s that are available 24x7. Additionally we have 2 buses plying 6 times between two stations (Andheri Station and Kurla Station) providing station pickup and drops at the start and completion of the three shifts.

8

In recent past, we have had situations the Mumbai city that tested the transport service and the results have been satisfactory. The impact on transport services are directly related to time and extent of the disruption. However, at any given time we can have 5 vehicles at our disposal to encounter disruptive situations to home drop or home pickup

We have indigenously devised a method which we apply in case the BCP is initiated.

When the BCP is initiated the shift lead commences the task identifying associates based on the above model and the transport services are pressed into service. We have also contracted with the transport vendor to provide extra vehicles on demand at a short notice. We had the opportunity in the recent past when we made this demand and the results were satisfactory.

The above model ensures Business Continuity with 45 of a disruptive situation. At any given time during the weekdays, we have about 100 associates in-house (about 25 on weekends). In case of a disruptive situation these are the resources at hand which can stay back to ensure business continuity in addition to the additional resources which can be brought in 45 mins.For those associates who will be staying back to ensure business continuity we have the following arrangements in-house.

In-house inventory of emergencies suppliesItem Qty Location Responsible

T-shirts 100 Housekeeping SecurityUnder Garments Ladies/Gents

100 each Housekeeping Security

9

Tooth Paste 10 Housekeeping SecurityTooth Brushes 10 Housekeeping SecurityCombs 10 Housekeeping SecurityFirst aid medical Sufficient Housekeeping SecurityBeds 15 Housekeeping SecurityLarge carpets 2 Housekeeping SecuritySoap 15 Housekeeping SecurityHair Oil 2 bottles Housekeeping SecurityPulses and Cereal Sufficient Housekeeping SecurityBlankets/Sheets 2 Housekeeping SecurityMagi noodles 288 Cafeteria CafeteriaParle Biscuits 288 Cafeteria Cafeteria

Sandwich MaterialEnough to make 75 Sandwiches

Cafeteria Cafeteria

Lunches/dinner Abundant Cafeteria CafeteriaResting/Sleeping Space Abundant Empty Hubs SecurityTelevision 1 Cafeteria Security

The stocks of the above material is always maintained and checked for expiration date on a weekly basis

Fire Emergency Preparedness: Procedural Documentation

10

Introduction The events of July 26th 2005, Mumbai deluge, and the Bird flu scare in Mumbai have escalated a need for emergency preparedness, training and the need for a robust program which expends the need for emergency preparedness and response training in case of fire, floods, medical emergency and vulnerabilities in the face of natural disasters and severe weather conditions.

It is Integreon’s responsibility to provide a safe place for all employees to work. The objective of this document is to document procedures and equip and prepare members of the Emergency Response Teams for emergency preparedness.

The area of emergency preparedness is extremely broad and includes the following areas:

Fire Natural disasters

Emergency preparedness can be divided into three categories: emergency preparedness for businesses continuity and to secondly to take charge in event of an emergency. In addition emergency preparedness is often known as emergency planning, emergency response, or disaster response. Since emergency preparedness is a broad subject area, this document will focus heavily on emergency preparedness

11

as it applies to the workplace environment, as this has historically we have suffered a few times since inception.

FireIdentifying potential causes of fire lies at the heart of preventive measures we can take to avoid a potentially volatile situation.

Primary Causes of Office Fires In any investigation of the causes of office fires, the “usual suspect” is the electrical system. Fire threatens whenever the protective insulation of wires or cables is damaged and where faulty installation or operating conditions result in loose connections and splices. In addition, the growing use of electric coffee makers, hot plates, and portable shredding machines, air conditioners, computers has greatly increased the risk of office fires.

While much attention has been given to the health risks posed by smoking, its role as a major cause of fire has rarely made it into the headlines. The countless cigarettes and matches used by smokers in the smoking zones pose a substantial threat this however can be easily minimized through education and simple office procedures.

In today’s office, a significant amount of combustible materials is more likely to be the rule than the exception. Office furnishings, such as wooden desks, chairs and bookcases, upholstered furniture, plastic cushions and office machinery, all provide fuel for fires.Interior finish and construction also can contribute to the combustible loading. Some areas might have plywood, hardboard or solid lumber wall paneling, vinyl wall covering, wooden doors, carpeting on floors and walls, built-in wooden cabinets, wooden area dividers or movable partitions between work areas.

All these are potential causes that can either ignite or add to a fire situation.

CHECK LISTDaily Checklist For Electrical Equipments Andheri Delivery Center

Date: -_______________ Time: -___________

Sr. No

LOCATIONElectrical switches

LightsSmoke

Detector / Alarm

Air ConditionsElectrical

panelsShredding machine

Remarks

12

1 RRD              

2 Customer Service              

3 Application Development              

4 Server Room              

5 Empty Hub              

6 RRD’s Manager’s Cabin              

7 Staircase              

8 IT Storage              

9 Cafeteria              

10 Men’s Room              

11 Ladies Room              

12 Electric Panel Room              

13 Training Room 1              

14 Conference Room              

15 Training Hub              

16 Training Room 2              

17 Training Room 3              

18 Housekeeping Storage              19 Reception Area              20 Staircase              

21 Intralinks              

22 IT Room              

23 Finance              

Sr. No

LOCATIONElectrical switches

LightsSmoke

Detector / Alarm

Air ConditionsElectrical

panelsShredding machine

Remarks

24 Empty Hub              

25 Growthink I              

26 Admin              

27 Bloomberg Room              

28 Growthink II              

29 Bear Pres Graphics              

30 Bear Research              

31 HCM              

32 KS-Analytics              

33 Shared KS              

34 Cabin 1              

35 Cabin 2              

36 Cabin 3              

37 Cabin 4              38 Cabin 5              

38 Cabin 6              

39 Cabin 7              

Security on Duty: -_________________            Name: -________________                        INTEGEREON AUTHORISED SIGNATORY

Risk Assessment:Hazard Who might

be harmedExisting controls Relevant

standardsRisk

assessment

Future actions

Fire Occupiers, visitors,

contractors staff

Policies and practices for

Fire detection system

Evacuation

Fire risk assessments carried out by

Admin

Low As recommende

d by Continuous

Improvement

13

Hazard Who might be harmed

Existing controls Relevant standards

Risk assessmen

t

Future actions

procedures Fire action

notices No smoking

policy Provision &

maintenance of fire extinguishers

Collection of flammable waste

materials Electrical

maintenance

A good standard of compliance with Health and Safety requirements is maintained in Integreon - Andheri.

Steps followed in the eventuality of Fire

Any fire within the premises will be detected by fire and smoke detectors. The following is the count of these detectors:

Smoke AlarmLOCATION  RRD 5Customer Service 1Application Development 25th Floor Server Room 2Empty Hub (Previously DCGS) 2Application Development 2RRD’s Manager’s Cabin 0Staircase 0IT Storage 0Cafeteria 2Men’s Room 1Ladies Room 0Electric Panel Room 0Training Room 1 1Conference Room 1Training Hub 2Training Room 2 1Training Room 3 2Housekeeping Storage 0Reception Area 2Staircase 0Intralinks 0IT Room 1Finance 1Empty Hub (Previously Lehman) 2

14

Growthink I 1Admin 1Bloomberg Room 0Growthink II 1Bear Pres Graphics 1Bear Research 1HCM 1KS-Analytics 1Shared KS 2Cabin 1 1Cabin 2 1Cabin 3 1Cabin 4 0Cabin 5 1Cabin 6 1Cabin 7 1

The audit reveals that Smoke and fire alarms needs to be installed in the following locations:

Smoke and Fire Alarm Sensors to be Installed

Qty Required

RRD’s Manager’s Cabin 1Staircase 1IT Storage 2Ladies Room 1 & 2 2Electric Panel Room 1Housekeeping Storage 1Intralinks 1Bloomberg Room 1Cabin 4 1Passages on the 4 & 5th floors 5

With the recent reconstruction activity we are taking care of installation of these smoke and fire alarms.

The Smoke detectors acting as early warning system will trigger the fire alarm, which is and will be audible to all the occupants. Once the fire is detected the Emergency Response Team “ERT” will swing into action to evacuate the premises.

The ERT consists of the following:

15

ERT Members List - Andheri Delivery Center

16

Dept First Name Last nameRRD Bhavin Sangoi  Amit Patel  Somil Dharia  Abhishek Shetty  Harish SharmaCS Prashant Warrier  Nevil CheddaAD Samuel Suripogu  Ajish Kurian  Rahul AwacherIntralinks Parag Shah  Sandeep SuryavanshiTraining Pradnya Patil  Ronak Mehta  Samit MhatreGrowthink Aarti DograShared KS. Ashwin Poojari  Bishwjit DadwalFinance Mahadev Mulgir  Vicky Busa  Anup VarakHCM Faizal Roshan  Mitual Parikh  Mitesh Shah  Arvind Ambekar

Admin Jaswinder Sohal

  SecurityIT Tarique Sheikh  Krishna Kumar Pillai  Santosh Lokhandne

There two exits on the fourth floor (One main exit and an emergency exit). The Hub Wise exit usage guide is as follows:

17

There are some structural/architectural hindrances to free movement to occupants in areas like Staircase and Passages. Which needs to be addressed separately?

The members of the ERT will ensure orderly, smooth and chaos free evacuation of the occupants to a designated area near Sony entrance which is a no parking zone and can accommodate about 100 people outside the building (100mtrs away).

Designated Area

18

There are some structural/architectural hindrances to free movement to occupants in areas like Staircase and Passages. Which needs to be addressed separately?

Deactivation of Access Server

Deactivation of the Access Server currently is a manual action, which will be initiated by the on duty security personnel, which easily accessible so that the deactivation takes place with in 5 seconds of the alarm.

Admin will coordinate with IT to look into the feasibility of automatic deactivation of the Access Server.

Fire Control

We have outsourced (Usha Fire fighting Services – Mr. Nikhil (Mobile # 9322768033), for the training and preparatory session for Emergency response team to be trained in fire fighting and to conduct mock drills. Once this training is completed the ERT will be equipped and ready to extinguish fire.

We have 24 fire extinguishers strategically place to be used in case of fire. All these extinguishers are serviced and validated for the next one year.

19

We are in the process of procuring a 3 portable public addressing system to be used by the ERT to control the occupants and communicate in an eventuality.

The Location of the file extinguishers is as follows:

The 5th floor has 8 fire extinguishers, which are strategically placed; we are in the process of drawing up the floor plan to indicate their locations.

Inspection of the Damage & Continuity

After extinguishing the fire the team members will inspect the area for damage and conduct a root cause analysis, Evaluate the extent of damage done, will evaluate if it

20

impact on business continuity, if yes then in how much time can it be restored. The team will calculate time frame and decide if the restoration can happen without affecting the SLA’s. The restoration process would include furniture, desktops, air-conditioning, essential services like cafeteria, washrooms, communications etc. If the restoration is not possible and would affect SLA’s the shift people to off site Integreon – Powai and resume normal operations with 6 hours. The ERT will evaluate whether it is safe for the employees to come into the building and resume normal operations in all other areas and accordingly let them in.

Corrective actions

Based on the RCA, identify what corrective actions need to be taken to Prevent recurrence of the incident. Implement the corrective actions and check its effectiveness through periodic audits.

Barriers considered

In this BCP all barriers and obstacles were confronted, the primary one being investment to meet the ultimate objective to create redundancies for almost all systems. We have considered innovative alternatives to avoid exorbitant cost.

Once the designed BCP plan is approved the investment and commitment will follow. Then the challenge is to implement it in phases.

21