Monday, May 27, 2019
Disaster Recovery Planning in Banking Sector Essay
On September 11, 2001, the terrorist attack destroyed the World Trade Center in New York, which was the most highly concentrated financial area. This attack not only destroyed the twin attracters, but also ruined the financial system. lodges fixed in the World Trade Center went through an unprecedented misfortune. The companys back-up facilities which were too close to the primary facilities were disrupted as the primary facilities. angiotensin converting enzyme points of failure in perceived diverse routing resulted in failed back-up communications systems. Because of the terrorist attacks of 9/11, there is signifi tin cant increased focus on the accident retrieval formulate. (Robert Bronner, 1997) fit in to Robert Bronner, argots were among the earliest adopters of information technology in the business world. The widely use of information technology in the swear system forced a overbold diligence the misfortune recovery industry. adventure recovery computer progr amme is an important part of depository financial institution business continuity externalize. It is a processes or set of procedures that help oneself firms prepare for turbulent events.The goal of the plan is recover and protect a business IT facilities, such as the network, document management system, and core system, in the disruptive events. Those events include both(prenominal) natural disaster such as earthquake and man-made disasters such as power outage. It is impossible that a chamfer can always avoid disasters, so the disaster recovery plan plays an important role afterward a shore suffer a disaster. With a metric plan will effetely help the slang to minimize downtime and data loss to ensure some level of organizational stability and an orderly recovery after a disaster will prevail. The Automated Clearinghouse Association was formed by 7 Philadelphia-based banks in the mid-1970s for the sole purpose focus on how to manage banks data recovery when banks computer systems go down. This group started the disaster recovery industry in 1987 by SunGard Recovery Services.The serious of adventure Recovery PlanThe disaster recovery plan is important to the bank, because the benefits it can obtained from the drafting of a disaster recovery plan.The basic benefits of a disaster recovery plan include (disaster recovery plan)(1) Providing a sense of security(2) Minimizing risk of delays(3) Guaranteeing the reliability of standby systems(4) Providing a standard for testing the plan(5) Minimizing decision-making during a disaster(6) Reducing strength legal liabilities(7) Lowering unnecessarily stressful work environmentDisaster recovery plan is a decisive proactive approach to banks. Because the objective of the disaster recovery plan is protect the bank do minimize loss during the disaster, preparation is vital to the disaster recovery plan. The type of disaster recovery plan can be variety, but all of them should follow three basic measures (1) pre ventive measures, (2) detective measures, and (3) disciplinary measures. The purpose of the first measures is to prevent a disaster from occurring. This measure is focus on identify and reduce risks. Preventive aimed to stop a disaster in the lead happening. These measure try to identify the risks before it happens and reduce the happen ratio. To achieve the saloon purpose, the measures whitethorn include keeping data backed up and morose site, using surge protectors, installing generators and conducting routine inspections. Detective measures are used to find the presence of any unwanted events among the IT infrastructure. They focus on the unfound new potential threats.These measures include installing fire alarms, using up-to-date antivirus software, holding employee training sessions, and installing server and network monitoring software. The system which is focus on restores a system after a disaster or otherwise unwanted event takes place is corrective measures. There meas ures may include keeping deprecative documents in the Disaster Recovery Plan or securing proper insurance policies, after a lessons learned brainstorming session. (Disaster recovery plan) Banking industry certainly contends the Disaster Recovery Plan. The research shows that among 170 disasters recoveries, 45 were for banks in the last 10 years. (Robert Bronner, 1997) In 2012, hurricane Sandy highlightsthe banks need for disaster recovery planning. Sandy struck the East Coast of Manhattan, where is the location of ring Street. Many banks headquarter located on the East Coast, such as Citi and Bank of American, were flooded under water. The financial markets in New York City were closed for at least two days cause loss of millions of dollars. Disasters are unheralded and costly, so the planning is critical for the bank to reduce loss from disasters.Disaster recovery is of particular importance for the banks than other businesses because the huge demand of services during generat ion of community disaster. The average bank is multi-plat formed, with multiple locations and varied operations and computer applications. For example, Chase Bank has over 19,500 ATMS and 5,600 branches across the country. Mergers and acquisitions make the bank facing a more complicated situation. Mergers and acquisitions hold caused banks to endure more different kinds of applications. Basically, banks run 20 to 30 critical applications simultaneously. When organizations merger or are acquired, a bank may run 40 to 60, double than before, critical application at the same time. Furthermore, because the banks global expanding, the banks operations become more alter that expands their reach beyond the back office into satellite locations. Last, banks are still relying heavily on paper.For example, the bank often needs the copy for its customers copy of ID. If a bank suffers a disaster, what would happen to these decentralized operations and manifold applications? What happens to the many paper transactions in branches that have not entered the central system? As soon as the disaster happened, no matter its man-made or natural, despite of its local or nation, it can disrupt critical business operations significantly for weeks and sometimes months. Thorough preparation can shorten recovery time dramatically and keep banking operations ongoing. (Robert Bronner, 1997)The planning methodologyAccording to Geoffrey H. Wold of the Disaster Recovery Planning Process, 1997, an integrated plan should include 10 travel1. Obtain Top Management CommitmentTop management in the bank essential support and involved when developinga disaster recovery plan. Managements have the responsibility to supervise the plan developing process and confirm the terminal disaster recovery planning is effective within the bank. The process of developing the plan should include enough time and adequate material resources. Resources could include both financial considerations and the effort of all personnel involved. This process requires the bank to hire educated managers who has fill inledge about disaster recovery. If the top manager doesnt know about disaster recovery, the final disaster recovery plan, which has the participation of the top manager, can be poor.2. Establishing a planning committee later on the draft of the disaster recovery plan is finished, the bank need to build a planning committee. The function of the planning committee is overseeing the development and implementation of the disaster recovery plan. The planning should consider all functional areas of the organization and effect represent them. The committee members should include the operations manager and the data processing manager. The employee is the first thing the bank should think about when develops a disaster recovery plan. What employee most concern about? The safety of families and personal property. As long as those two areas are safe, the employee can focus on the safety of the empl oyer and its customers property. So when the management making the disaster recovery plans, they should include essentials such as shelter, medical insurance, pension, as wholesome as counseling and information on the disaster recovery plan. The committee should ensure the final disaster recovery plan include a plan to ensure the safety of the employees family and property.3. Perform a risk assessmentRisk analysis and business impact analysis are important part of planning committee. They should contain the range of possible disasters for natural, technical, and human threats. The committee should analysis every functional area of the organizations potential consequence and enchant associated with different disaster scenarios. Furthermore, the safety of critical document and vital records should be evaluated, too. For example, fire always be considered the greatest threat to an organization, so manybanks demoralise the fire insurance. However, even the flood is infrequently, it still has a chance to happen. One of the reasons the Sandy cost huge loss is many banks located at Wall Street dont have bought insurance for flood. The disaster recovery plan should consider the worst case situation.4. Establish priorities for processing and operations scathing needs are the necessary equipment and procedures used to recover the daily operations of a department, such as main facility or computer summation when it suffered a disaster. The critical needs for each department within a bank should evaluate the areas include functional operations, key personnel, information, processing systems, service, documentation, vital records, policies and procedures. summary the processing and operations to try the maximum amount need f time each department of bank can operate without each critical system. To determining the critical needs for a department, the bank can document all the functions perpetrateed by every departments.As soon as the primary functions have been dete rmined, the operations and processes should be ranked in the order of essential, important, and non-essential. (Robert Bronner, 1997) Location is the first critical consideration of a recovery plan. A banks recovery plan should include geographically independent relocations sites for every work group. (Robert Bronner, 1997) The consideration of the location include whether it is easy to access to other facilities, Data mall professionals may work in an urban area and be more willing to travel or relocate. The recovery locations should be planned both for the data center environment and satellite locations.5. Determine Recovery StrategiesThe researched and evaluated processing alternatives are the most practical alternatives for processing. In order to make an effective recovery strategy, the bank must consider facilities, hardware, software, communications, data files, customer services, user operations, MIS, End-user systems, and other processing operations of the organization. Fu rthermore, the bank should consider its computer function. Hot sites, warm sites, cold sites, reciprocal agreements, tow data center, consortium arrangement, and vendor supplied equipment are the alternatives forevaluation of the computer function. The third elements should be prepared is the written agreements for the specific recovery. The example of special considerations include get duration, termination conditions, testing, costs, special security procedures, apprisal of system changes, hours of operation, and specific hardware and other equipment required for processing.6. Perform Data CollectionThe basic data accumulate for disaster recovery plan includes backup position listing, critical telephone numbers, communications inventory, distribution register, variety types of inventory, master call list and vendor list, notification checklist, software and data files backup/retention schedules, temporary location specifications, and materials and documentation. That information are helpful to develop pre0formatted forms to facilitate the data gathering process. According to Robert F Bronne of the banking industry and disaster recovery plan, 1997 the internal data central is no longer enough for the bank, with the expansion of bank, the bank needs the data beyond the inside data center.The remote of the working group of the remote locations should be part of the entire disaster recovery plan. The equipment and system in the remote locations should be accounted in the recovery plan. What is more, business recovery move advance to restoring and recreating business process. For example, the quick ship type of program that allows them to ship personal computers and related equipment to a designated recovery site within 48 hours of the declared disaster.7. Organize and document a written planThe disaster plan should be written in a standard form. The plan should include an outline of the plans contents. The managements should review and approve the outline. Th en, the procedures and the documentation should be written in the plan based on the standard format. It is helpful to create a consistent format and allows for go along maintenance of the disaster recovery plan. The plan should be used before, during, and after a disaster. It should include methods for maintaining and updating the plan to reflect any significant internal, external or systems changes and structuredusing a team approach.8. Develop testing criteria and procedures aft(prenominal) a disaster plan is created, it should be tested and evaluated on a regular basis. The tests will provide the organization with the assurance that all necessary steps are included in the plan. Furthermore, it helps to determining the feasibility and compatibility of backup facilities and procedures, identifying areas in the plan that need modification, providing training to the team managers and team members, demonstrating the ability of the organization to recover, and providing need for main taining and updating the disaster recovery plan.9. Test the PlanAfter testing criteria have been completed, the bank should test the disaster recovery plan. A good banks recovery plan doesnt means it works well in the reality. The test will provide additional information about the continuing steps, reasonable adjustment to the original plan. Each functional department of bank should be tested. The banks size and rate of organizational change decide the frequency of testing. Usually, small banks have low frequency of testing they may do testing once per year. Larger banks have high frequency they perform exercises two or three times a year or stretch an annual test over several days. There are quadruplet main types of tests checklist test, simulation test, parallel tests, and full interruption tests. The actual disaster is a true test to bank. It is similar to simulation tests, but more reliable than the simulation tests. Banks should document recovery efforts, evaluate results, an d refine plans accordingly carefully.10. Approve the plan.The last step of making disaster recovery plan is approving the plan. After the written and tested, the plan should be approved by top-management. The top management has responsibility to establishing policies and comprehensive calamity planning. Also, the management should reviewing and approving the contingency plan each year and writes a review paper for the plan. If the information is come from a service bureau,management should evaluate the adequacy of contingency plans for its service bureau and ensure that its contingency plan is compatible with its service bureaus plan.ConclusionWith the expansion of financial industry, banks become more sophisticated technology users the disaster recovery plan will play a more important role in the banking sector. The banks disaster recovery plan can help the bank to mining the lost due to an unexpected disaster and recover the bank back to use as soon as possible, but it acquired the bank to plan a disaster recovery plan system and effectively before the disaster happens. An effective disaster plan is made under the strict necessary in operate in planning, assessment, writing, and testing process. Nobody can estimate when the disaster will come, the disaster recovery plan is both a prevention method and insurance to decreasing the potential exposures and recover the organization for the bank.Work Cites1. Bronner, Robert F. Banking Industry and Disaster Recovery Planning. Banking Industry and Disaster Recovery Planning. N.p., n.d. Web. 17 Nov. 2013. .2. Disaster Recovery Plan. Wikipedia. Wikimedia Foundation, 11 June 2013. Web. 17 Nov. 2013. .3. Wold, Geoffrey H. Disaster Recovery Planning Process Part 1 of 3. Disaster Recovery Planning Process Part 1 of 3. N.p., n.d. Web. 17 Nov. 2013. .
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.