.

Tuesday, January 29, 2019

Disaster Recovery Planning in Banking Sector Essay

On September 11, 2001, the terrorist attack destroyed the World bargain circle around in New York, which was the most highly concentrated fiscal atomic number 18a. This attack not only destroyed the twin towers, but similarly ruined the financial system. Banks fit(p) in the World Trade Center went through an unprecedented accident. The companys back down-up facilities which were too close to the primal facilities were disrupted as the primary facilities. Single points of failure in perceived diverse routing resulted in failed back-up communications systems. Because of the terrorist attacks of 9/11, there is signifi sesst change magnitude focus on the cataclysm retrieval purpose. (Robert Bronner, 1997) According to Robert Bronner, buzzwording tutelages were among the earliest adopters of selective training technology in the business world. The widely use of information technology in the cuss system forced a new effort the possibility recuperation indus taste. po ssibility recuperation figure is an important give away of bank business continuity project. It is a movementes or set of procedures that foster firms prep atomic number 18 for disruptive events.The goal of the pattern is acquire and protect a business IT facilities, such as the ne dickensrk, document centering system, and core system, in the disruptive events. Those events overwhelm two natural accident such as earthquake and man-made misfortunes such as power outage. It is impossible that a bank discharge everlastingly avoid misfortunes, so the casualty recuperation jut bumps an important role after a bank subscribe a hazard. With a c arful contrive exit effetely help the bank to minimize down while and info sack to ensure some level of organizational st faculty and an orderly recovery after a hap will prevail. The Automated Clearinghouse Association was formed by 7 Philadelphia-based banks in the mid-1970s for the fillet of sole purpose focus on ho w to manage banks entropy recovery when banks data processor systems go down. This group started the disaster recovery industry in 1987 by SunGard convalescence Services.The Important of possibility recuperation forgeThe disaster recovery plan is important to the bank, because the benefits it can obtained from the drafting of a disaster recovery plan.The basic benefits of a disaster recovery plan embarrass (disaster recovery plan)(1) Providing a sense of security system(2) Minimizing risk of delays(3) Guaranteeing the reliability of standby systems(4) Providing a model for scrutiny the plan(5) Minimizing decision-making during a disaster(6) Reducing capability well-grounded liabilities(7) Lowering unnecessarily stressful work environmentdisaster recovery plan is a life-sustaining proactive approach to banks. Because the objective of the disaster recovery plan is protect the bank do minimize loss during the disaster, planning is vital to the disaster recovery plan. The type of disaster recovery plan can be variety, but all of them should follow triple basic measures (1) prohibitive measures, (2) detective measures, and (3) corrective measures. The purpose of the first measures is to prevent a disaster from occurring. This measure is focus on identify and pull down risks. Preventive aimed to stop a disaster forrader run acrossing. These measure try to identify the risks before it happens and reduce the happen ratio. To achieve the prevention purpose, the measures whitethorn take keeping data backed up and off site, victimisation surge protectors, installing generators and conducting routine inspections. Detective measures are used to discover the presence of any unwanted events among the IT infrastructure. They focus on the unfound new potential threats.These measures overwhelm installing awaken alarms, using up-to-date antivirus software package, holding employee develop sessions, and installing server and ne dickensrk monitoring soft ware. The system which is focus on restores a system after a disaster or early(a) unwanted event takes place is corrective measures. There measures whitethorn include keeping critical documents in the hazard Recovery Plan or securing proper insurance policies, after a lessons learned brainstorming session. ( happening recovery plan) Banking industry certainly require the Disaster Recovery Plan. The research shows that among 170 disasters recoveries, 45 were for banks in the last 10 years. (Robert Bronner, 1997) In 2012, hurricane blonde highlights the banks need for disaster recovery planning. flaxen struck the East Coast of Manhattan, where is the localisation of circumvent Street. Many banks headquarter located on the East Coast, such as Citi and Bank of American, were flooded beneath water. The financial markets in New York City were closed for at least(prenominal) two days cause loss of millions of dollars. Disasters are unexpected and costly, so the planning is cr itical for the bank to reduce loss from disasters.Disaster recovery is of particular importance for the banks than other businesses because the huge demand of dishs during multiplication of community disaster. The average bank is multi-plat formed, with multiple locations and varied trading trading operations and computer applications. For example, Chase Bank has over 19,500 ATMS and 5,600 branches across the country. Mergers and acquisitions make the bank face up a to a greater extent complicated situation. Mergers and acquisitions have caused banks to endure to a greater extent contrary kinds of applications. Basically, banks run 20 to 30 critical applications simultaneously. When organizations merger or are acquired, a bank may run 40 to 60, double than before, critical application at the same time. Furthermore, because the banks global expanding, the banks operations become more decentralized that expands their reach beyond the back touch into satellite locations. Last, ba nks are still relying heavily on paper.For example, the bank much needs the copy for its customers copy of ID. If a bank suffers a disaster, what would happen to these decentralized operations and manifold applications? What happens to the many paper transactions in branches that have not entered the central system? As soon as the disaster happened, no matter its man-made or natural, despite of its local anesthetic or nation, it can disrupt critical business operations significantly for weeks and sometimes months. Thorough preparation can shorten recovery time dramatically and keep banking operations ongoing. (Robert Bronner, 1997)The planning methodologyAccording to Geoffrey H. Wold of the Disaster Recovery Planning Process, 1997, an integrated plan should include 10 move1. Obtain Top Management CommitmentTop management in the bank must support and involved when developing a disaster recovery plan. Managements have the responsibility to supervise the plan developing process and confirm the final examination disaster recovery planning is effective indoors the bank. The process of developing the plan should include enough time and capable material resources. Resources could include both financial examineations and the effort of all personnel involved. This process requires the bank to hire educated managers who has knowledge about disaster recovery. If the top manager doesnt know about disaster recovery, the final disaster recovery plan, which has the participation of the top manager, can be poor.2. Establishing a planning committee by and by the draft of the disaster recovery plan is finished, the bank need to build a planning committee. The function of the planning committee is overseeing the development and implementation of the disaster recovery plan. The planning should consider all functional knowledge bases of the organization and effect represent them. The committee members should include the operations manager and the data processing manag er. The employee is the first thing the bank should think about when develops a disaster recovery plan. What employee most concern about? The safety of families and private property. As long as those two areas are safe, the employee can focus on the safety of the employer and its customers property. So when the management making the disaster recovery plans, they should include essentials such as shelter, medical examination insurance, pension, as well as counseling and information on the disaster recovery plan. The committee should ensure the final disaster recovery plan include a plan to ensure the safety of the employees family and property.3. coiffure a risk assessmentRisk analysis and business encroachment analysis are important parts of planning committee. They should contain the set off of possible disasters for natural, technical, and human threats. The committee should analysis either functional area of the organizations potential consequence and influence associated w ith different disaster scenarios. Furthermore, the safety of critical document and vital records should be evaluated, too. For example, fire always be considered the greatest threat to an organization, so many banks buy the fire insurance. However, even the flood is infrequently, it still has a chance to happen. One of the reasons the Sandy cost huge loss is many banks located at Wall Street dont have bought insurance for flood. The disaster recovery plan should consider the worst case situation.4. Establish priorities for processing and operationsCritical needs are the requisite equipment and procedures used to recover the insouciant operations of a department, such as main facility or computer center when it suffered a disaster. The critical needs for each department within a bank should evaluate the areas include functional operations, keystone personnel, information, processing systems, service, documentation, vital records, policies and procedures. Analysis the processi ng and operations to decide the level best amount need f time each department of bank can operate without each critical system. To deter mining the critical needs for a department, the bank can document all the functions performed by every departments.As soon as the primary functions have been determined, the operations and processes should be ranked in the order of essential, important, and non-essential. (Robert Bronner, 1997) Location is the first critical retainer of a recovery plan. A banks recovery plan should include geographically independent relocations sites for every work group. (Robert Bronner, 1997) The consideration of the location include whether it is easy to access to other facilities, Data center professionals may work in an urban area and be more involuntary to travel or relocate. The recovery locations should be planned both for the data center environment and satellite locations.5. Determine Recovery StrategiesThe researched and evaluated processing alternativ es are the most practical alternatives for processing. In order to make an effective recovery strategy, the bank must consider facilities, hardware, software, communications, data files, customer services, user operations, MIS, End-user systems, and other processing operations of the organization. Furthermore, the bank should consider its computer function. Hot sites, speedy sites, cold sites, reciprocal agreements, tow data center, consortium arrangement, and vendor supplied equipment are the alternatives for evaluation of the computer function. The third elements should be prepared is the written agreements for the specialised recovery. The example of special considerations include contract duration, termination conditions, testing, costs, special security procedures, notification of system changes, hours of operation, and specific hardware and other equipment required for processing.6. carry through Data CollectionThe basic data collected for disaster recovery plan include s backup position listing, critical telephone numbers, communications inventory, distribution register, variety types of inventory, master call list and vendor list, notification checklist, software and data files backup/retention schedules, temporary location specifications, and materials and documentation. That information are right-hand to develop pre0formatted forms to facilitate the data gathering process. According to Robert F Bronne of the banking industry and disaster recovery plan, 1997 the inside data central is no longer enough for the bank, with the expansion of bank, the bank needs the data beyond the inside data center.The upstage of the working group of the remote locations should be part of the entire disaster recovery plan. The equipment and system in the remote locations should be accounted in the recovery plan. What is more, business recovery move preliminary to restoring and recreating business process. For example, the quick ship type of program that allows them to ship personal computers and related equipment to a designated recovery site within 48 hours of the declared disaster.7. Organize and document a written planThe disaster plan should be written in a standard form. The plan should include an outline of the plans contents. The managements should review and approve the outline. Then, the procedures and the documentation should be written in the plan based on the standard format. It is helpful to create a consistent format and allows for continuing maintenance of the disaster recovery plan. The plan should be used before, during, and after a disaster. It should include methods for maintaining and updating the plan to reflect any significant internal, external or systems changes and structured using a team approach.8. Develop testing criteria and proceduresAfter a disaster plan is created, it should be tested and evaluated on a regular basis. The tests will append the organization with the assurance that all necessary steps are included in the plan. Furthermore, it helps to determining the feasibility and compatibility of backup facilities and procedures, identifying areas in the plan that need modification, providing training to the team managers and team members, demonstrating the ability of the organization to recover, and providing motivation for maintaining and updating the disaster recovery plan.9. Test the PlanAfter testing criteria have been completed, the bank should test the disaster recovery plan. A good banks recovery plan doesnt means it works well in the reality. The test will provide additional information about the continuing steps, reasonable adjustment to the superior plan. Each functional department of bank should be tested. The banks size and rate of organizational change decide the frequency of testing. Usually, lesser banks have low frequency of testing they may do testing once per year. Larger banks have high frequency they perform exercises two or three times a year or thin a n annual test over several days. There are cardinal main types of tests checklist test, simulation test, parallel tests, and full interruption tests. The actual disaster is a true test to bank. It is similar to simulation tests, but more authentic than the simulation tests. Banks should document recovery efforts, evaluate results, and refine plans then carefully.10. Approve the plan.The last step of making disaster recovery plan is authorise the plan. After the written and tested, the plan should be approved by top-management. The top management has responsibility to establishing policies and comprehensive accident planning. Also, the management should reviewing and approving the contingency plan annually and writes a review paper for the plan. If the information is come from a service bureau, management should evaluate the adequacy of contingency plans for its service bureau and ensure that its contingency plan is compatible with its service bureaus plan.ConclusionWith the expansion of financial industry, banks become more sophisticated technology users the disaster recovery plan will play a more important role in the banking sector. The banks disaster recovery plan can help the bank to mining the lost due to an unexpected disaster and recover the bank back to use as soon as possible, but it acquired the bank to plan a disaster recovery plan system and effectively before the disaster happens. An effective disaster plan is made under the nonindulgent requirement in operate in planning, assessment, writing, and testing process. Nobody can estimate when the disaster will come, the disaster recovery plan is both a prevention method and insurance to decreasing the potential exposures and recover the organization for the bank.Work Cites1. Bronner, Robert F. Banking Industry and Disaster Recovery Planning. Banking Industry and Disaster Recovery Planning. N.p., n.d. Web. 17 Nov. 2013. .2. Disaster Recovery Plan. Wikipedia. Wikimedia Foundation, 11 June 2013. Web. 17 Nov. 2013. .3. Wold, Geoffrey H. Disaster Recovery Planning Process Part 1 of 3. Disaster Recovery Planning Process Part 1 of 3. N.p., n.d. Web. 17 Nov. 2013. .

No comments:

Post a Comment