Context

The Flipkart Group operates some of India's largest digital businesses: Flipkart (the flagship e-commerce platform), Myntra (fashion and lifestyle), Jabong (during its operation as a separate brand), and PhonePe (digital payments, since separated). At its peak as an integrated group, the entities shared significant operational infrastructure — payment systems, technology platforms, logistics partners, merchant relationships — while operating as distinct businesses with their own product strategies, regulatory postures, and customer commitments.

Business continuity for organisations of this profile is not a single-site disaster-recovery exercise. It is a question of how to keep digital services available, payments flowing, deliveries on track, and customers served when any of the interconnected dependencies — internal technology, third-party providers, payment infrastructure, logistics networks — experiences disruption. ISO 22301 provides the international standard framework for managing exactly this kind of complexity.

Scope

The combined practice delivered ISO 22301 business continuity management implementation across the four named group entities — a coordinated group-level framework with entity-level execution. Scope covered business impact analysis, dependency mapping, recovery objective setting (RTO and RPO), continuity plan development, exercise programmes, and certification readiness across the entities.

Approach

The four-phase methodology, with the multi-entity coordination as the central design constraint.

  1. Scope. Business impact analysis at the group level — identifying critical processes, their dependencies on shared infrastructure, their entity-specific dependencies, and the recovery objectives that protect both customer service and intra-group obligations. Mapping the shared-versus-entity-specific control structure to the ISO 22301:2019 clause framework.
  2. Design. Group-level continuity framework — shared policies, shared exercise schedule, shared incident management protocols for cross-entity events — combined with entity-specific plans addressing entity-particular risks, regulatory obligations (PhonePe's RBI-regulated context being materially different from Flipkart's e-commerce context), and entity-specific recovery procedures.
  3. Execute. Implementation across entities — plan development, exercise execution, workforce training, supplier continuity validation, technology recovery testing, certification readiness preparation for entities pursuing certification.
  4. Assure. Independent review of the BCM programme's alignment with ISO 22301:2019, certification audit support where applicable, ongoing exercise programme assurance, and group-level reporting on continuity posture across the entities.

Outcome

ISO 22301 business continuity management institutionalised across the group — not as a one-time implementation, but as a sustained operating capability with clear ownership at group and entity levels, a regular exercise cadence, and the framework artefacts (BIA, dependency maps, recovery objectives, plans, exercise records) needed to demonstrate compliance and improve continually.

4 entities: Flipkart · Myntra · Jabong · PhonePe
ISO 22301: 2019 standard framework, group-level implementation
Group + Entity: Coordinated framework, entity-level execution

Why it mattered

ISO 22301 in digital-first multi-entity groups is not the same problem as ISO 22301 in a single-entity manufacturer. The shared-dependency structure changes the BIA, the dependency mapping, the exercise regime, and the management review pattern. The Flipkart Group engagement is the proof base we use when advising other digital-first groups on how to structure BCM across entities without either over-centralising (which loses entity-specific risk fidelity) or fragmenting (which loses the cross-entity recovery coordination that the actual operating reality demands).