Contingency Plan
April 29, 2012
Due to the recent earthquake and political unrest, the Executive Board and President are
worried about safeguarding their system. They called the I.T. Manager of the bank to
present his Contingency Plan. Points included in the plan are Disaster Events, Recovery
Planning, Technology Used, Contingency of Operation, Cost of Recovery, Awareness
among the Employees, Impact on Business Operations and Conclusion.
Bank's ATM Business Continuity Plan
2 Contingency Plan Final Project: Information System & IT Audit
Table of Contents:
● Prologue
● Disaster Events
● Recovery Planning
● Technology Used
● Contingency of Operation
● Cost of Recovery
● Awareness among the Employees
● Impact on Business Operations
● Conclusion
1. Prologue
A Business Continuity Plan is a roadmap for continuing operations under adverse conditions (i.e.
interruption from natural or man-made hazards). BCP is an ongoing state or methodology governing how
business is conducted. A backup plan to run any business event uninterrupted is part of a business
continuity plan. A BCP for a specified organization is implemented at the organizational level, on a large
scale, whereas a backup plan at the individual level is implemented at the scale of a small unit. BCP's business
activity focuses on four well-established areas of expertise: Structured Trade Finance, Private Banking,
Treasury services and Correspondent Banking. BCP enjoys a solid reputation as a top quality service
provider in all of these banking fields and serves an ever-growing number of customers and banks with a
wide range of innovative, tailor-made and value-added products and services.
Effective business continuity measures are critical for any business entity. Our Bank is committed to
protecting its staff and ensuring the continuity of critical businesses and functions in order to protect the
Bank's franchise, mitigate risk, safeguard revenues and sustain both a stable financial market and
customer confidence. The development, implementation, testing and maintenance of an effective global
Business Continuity and Disaster Recovery program are required to sustain these objectives.
A Contingency Plan is a backup plan, activated in the event of a disaster that disrupts a company's
production and puts employees in danger. The goal of the plan is to safeguard data, minimize disruption
and keep everyone as safe as possible. A company may never have occasion to use a contingency plan,
but it is important to have one, keep it updated and train employees on what to do if the need arises.
Disaster Recovery is the process, policies and procedures related to preparing for recovery or
continuation of technology infrastructure critical to an organization after a natural or human-induced
disaster. Disaster recovery is a subset of business continuity. While business continuity involves
planning for keeping all aspects of a business functioning in the midst of disruptive events, disaster
recovery focuses on the IT or technology systems that support business functions.
2. Disaster Events
A disaster event is a sudden event, such as an accident or a natural catastrophe, that causes great damage
or loss of business reputation and clientele. A disaster is a sudden, calamitous event that seriously disrupts
the functioning of ATMs or financial transactions and causes human, I.T. asset, and economic or
environmental losses that exceed the bank's ability to cope using its own resources. The combination of
hazards, vulnerability and inability to reduce the potential negative consequences of risk results in
disaster, as shown in the formula:
(VULNERABILITY + HAZARD) / CAPACITY = DISASTER
The following are the disasters affecting the Bank:
● Political unrest
● Earthquake
● Cybercrime
● Terrorist confrontation
● Assets larceny
Political unrest is a disturbance or turmoil; it is also known as agitation.
An earthquake is an unexpected and rapid shaking of the earth caused by the breaking and shifting of the
layers beneath the Earth's surface. An earthquake strikes suddenly and violently, at any time of day or
night, and gives no prior warning. If it happens in a populated area, it can cause great loss of human life
and property.
Flood is also one of the most common hazards in the United States and other parts of the world. The
effects of a flood can be local to a neighborhood or community, or they can be larger, affecting a whole
river basin and multiple states. Every state is at risk from this hazard.
Cybercrimes are defined as: "Offences that are committed against individuals or groups of individuals
with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm
to the victim directly or indirectly, using modern telecommunication networks such as Internet". There are
also problems of privacy when confidential information is lost or intercepted, lawfully or
otherwise, including espionage, financial theft, and other cross-border crimes.
Theft of IT and Database Assets – taking and removing inventory and/or other assets from the company
premises without attempting to conceal the theft in the books and records. Losses resulting from larceny
of company assets can run into the millions of dollars.
3. Recovery Planning
Disaster recovery planning is a subset of a larger process known as business continuity planning and
should include planning for resumption of applications, data, hardware, communications (such as
networking) and other IT infrastructure. A business continuity plan (BCP) includes planning for non-IT
related aspects such as key personnel, facilities, crisis communication and reputation protection, and
should refer to the disaster recovery plan (DRP) for IT related infrastructure recovery / continuity.
The following are the nine steps we have taken for Recovery Planning:
Step-1 Take inventory of IT Assets
What are we trying to protect? Including applications, telephony/fax, phone numbers, support for IM, and
other "unofficial" apps that we claim we don't support. Don't forget outside, outsourced apps as well. We
need to assemble everything we'll need, including installation media, serial numbers, key codes, etc. Then
we have to rank it all as Critical, Vital, Sensitive, Nice to Have, or Should Be Dead Already and attach
recovery time objectives (RTO) and data loss objectives (DLO) to each one. This is a big deal; we can't
do it in a few days. The security of our business assets is on the line.
Step-2 Assess Risk
What does losing this asset really mean? What is the cost of not having it for the short term? Typically,
this is the cost of downtime, in dollars per hour of lost revenue. But it's a little more complicated than
that. We need to include PR and customer relations costs, for example, and data reconstruction costs.
Some data might not be recoverable; what does that cost? And remember, it's not a straight line. The first
minute of loss has a negligible cost. But at 3 months, we're out of business.
Step-3 Assign Roles
This is pretty straightforward: Who does what. Be explicit. "Multiple people being responsible means
nobody is responsible," says Marks. "Individual people get assigned to individual roles so they can be
held responsible."
Step-4 Identify Possible Solutions
We'll need to develop a matrix of solutions for all our company's vulnerabilities. One perfect solution for
everything will probably be too expensive. Then we need to identify vendors for each service we might
need, from server locations to user work area providers. Decisions should be based on the recovery time
goal (how long until we're up and running again?) and the recovery point goal, i.e., when we are up
and running again, what state will we be in?
Step-5 Choose Solutions
Finally, it's time to actually start selecting some solutions. Match our RTO/DLO to our various
applications. And remember, we don't have to restore full functionality for everything instantly. We just
need to keep things going while we figure out more permanent solutions.
Step-6 Implement Solution
Next, we need to test our choices. Do our solutions really work? Can our staff handle them? Do we
have enough bandwidth? Then we need to keep adjusting to balance our solutions against our budget.
Hint: Virtualization is our friend.
Step-7 Create a Recovery Manual
If there's no manual, there's no plan. Nothing you didn't write down will be available in a real disaster.
Don't forget to answer all the awkward questions like, who can declare a disaster?
Step-8 Test Recovery Plan
Ninety percent of all disaster recovery plans fail the initial test. If we haven't tested it, we don't have a
plan. We must do a post-mortem on our test, learn from our failures, and try it again.
Step-9 Train, Maintain & Document
No, we're not done. Disaster planning is an ongoing process, not a set it and forget it enterprise. We've got
to keep testing, training, updating, maintaining, improving, etc.
4. Technology Used
As IT systems have become increasingly critical to the smooth operation of a company, and arguably the
economy as a whole, the importance of ensuring the continued operation of those systems, or the rapid
recovery of the systems, has increased.
It is estimated that most large companies spend between 2% and 4% of their IT budget on disaster
recovery planning, with the aim of avoiding larger losses in the event that the business cannot continue to
function due to loss of IT infrastructure and data.
As a result, preparation for continuation or recovery of the Bank's ATM systems needs to be taken very
seriously. This involves a significant investment of time and money with the aim of ensuring minimal
losses in the event of a disruptive event. The following is a list of common technologies used for data
protection and data recovery:
● SAN Network Technology
● Disk Replication-Mirroring
● Disk Replication-Shadowing
● Clustering Symmetric
● Clustering Asymmetric
● Conventional Backup
● RAID
● Network Attached Storage (NAS)
● Standby Operating System
● Storage Virtualization
● Hot Network Nodes
● Virtual Private Networks (VPN)
● Cloud computing
● Mobile Data Centers
● Remote Journaling
● Electronic Vaulting
We prefer the following technologies, which help us update backups and retrieve them in the shortest
possible time in case of failure of the mainframe or in case of disaster, to ensure proper working of the
worldwide ATM network:
STORAGE AREA NETWORK (SAN):
A storage area network (SAN) is a dedicated network that provides access to consolidated, block level
data storage. SANs are primarily used to make storage devices, such as disk arrays, tape libraries,
and optical jukeboxes, accessible to servers so that the devices appear like locally attached devices to
the operating system. A SAN typically has its own network of storage devices that are generally not
accessible through the local area network by other devices.
BENEFITS
Sharing storage usually simplifies storage administration and adds flexibility since cables and storage
devices do not have to be physically moved to shift storage from one server to another. Other benefits
include the ability to allow servers to boot from the SAN itself. This allows for a quick and easy
replacement of faulty servers since the SAN can be reconfigured so that a replacement server can use
the LUN of the faulty server. While this area of technology is still new, many view it as being the future of
the enterprise datacenter.
SANs also tend to enable more effective disaster recovery processes. A SAN could span a distant location
containing a secondary storage array. This enables storage replication either implemented by disk array
controllers, by server software, or by specialized SAN devices. Since IP WANs are often the least costly
method of long-distance transport, the Fibre Channel over IP (FCIP) and iSCSI protocols have been
developed to allow SAN extension over IP networks.
Disk Replication-Mirroring
Active (real-time) storage replication is usually implemented by distributing updates of a block device to
several physical hard disks. This way, any file system supported by the operating system can be replicated
without modification, as the file system code works on a level above the block device driver layer. It is
implemented either in hardware (in a disk array controller) or in software (in a device driver).
The most basic method is disk mirroring, typical for locally-connected disks. The storage industry
narrows the definitions, so mirroring is a local (short-distance) operation. A replication is extendable
across a computer network, so the disks can be located in physically distant locations, and the
master-slave database replication model is usually applied. The purpose of replication is to prevent
damage from failures or disasters that may occur in one location, or in case such events do occur, improve
the ability to recover. For replication, latency is the key factor because it determines either how far apart
the sites can be or the type of replication that can be employed.
5. Contingency of Operation
The purpose of Contingency of Operation (COOP) is to ensure that agencies are able to continue
performance of essential functions under a broad range of circumstances. The points for contingency of
operations are as follows:
Identify System Recovery Time (SRT)
System Recovery Time (SRT) activity takes place after a disaster is confirmed. The organization must
plan the order of priority that it will use to recover hardware systems and components, in order to meet
business process RTO.
Identify Data Currency for the Applications
Operational activity that supports the application RPO must take place before the business disruption or a
disaster event. After the disaster occurs, applications and data at the affected site are unavailable to
execute the DRP.
Identify Data Backup Strategies
Prior to selecting a data recovery (DR) strategy, a DR planner should refer to their Bank's BCP, which
should indicate key metrics of recovery point objective and recovery time objective for business
processes:
There are three main types of backup sites:
● cold sites
● warm sites
● hot sites
Differences between them are determined by costs and effort required to implement each. Another term
used to describe a backup site is a work area recovery site.
Identify Critical Personnel and Recovery Teams
The applications and host systems are dependent upon personnel with unique knowledge, skills, and
abilities. Identifying the staff who have the knowledge to recover the infrastructure that supports the
business processes is key to a DRP. Essential support personnel should be identified along with their skill
sets.
Testing the Disaster Recovery Plan
To obtain the most value from a disaster recovery test, explicit test objectives and success criteria are
required. The use of test objectives and success criteria enables the effectiveness of each DRP element and
the overall Business Continuity Plan to be assessed. The two major test criteria are the recovery of the
network within its RTO and data currency within the RPO.
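The two test criteria above, applied to the ranked inventory from Step-1, can be scored mechanically. The following is an added example, not part of the original plan: the asset names, objectives and timestamps are constructed, and it assumes that Step-1's DLO and this section's RPO denote the same data-loss objective.

```python
"""Score a DR test against per-asset RTO/RPO (added example; data is constructed)."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Ranking from Step-1 of the plan, highest recovery priority first.
TIERS = ["Critical", "Vital", "Sensitive", "Nice to Have"]


@dataclass
class Asset:
    name: str
    tier: str
    rto: timedelta  # recovery time objective: longest tolerable outage
    rpo: timedelta  # recovery point objective: longest tolerable data-loss window


@dataclass
class Observation:
    asset: str
    disaster_declared: datetime
    restored_at: Optional[datetime]  # None: never came back during the test
    last_replicated: datetime        # newest transaction present at the DR site


def recovery_order(assets):
    """Order assets for recovery: by tier, then by tightest RTO."""
    return sorted(assets, key=lambda a: (TIERS.index(a.tier), a.rto))


def score_test(assets, observations):
    """Return one result row per asset, in recovery order."""
    by_asset = {o.asset: o for o in observations}
    rows = []
    for a in recovery_order(assets):
        obs = by_asset.get(a.name)
        if obs is None:
            # An asset that was never exercised is reported, not silently passed.
            rows.append({"asset": a.name, "status": "UNTESTED", "reasons": ["no test run"]})
            continue
        reasons = []
        if obs.restored_at is None:
            achieved_rto = None
            reasons.append("not restored")
        else:
            achieved_rto = obs.restored_at - obs.disaster_declared
            if achieved_rto > a.rto:
                reasons.append(f"RTO missed by {achieved_rto - a.rto}")
        # Anything written after the last replicated transaction is lost.
        # Clamp at zero in case the replica timestamp is later than the declaration.
        achieved_rpo = max(obs.disaster_declared - obs.last_replicated, timedelta(0))
        if achieved_rpo > a.rpo:
            reasons.append(f"RPO missed by {achieved_rpo - a.rpo}")
        rows.append({
            "asset": a.name,
            "status": "FAIL" if reasons else "PASS",
            "achieved_rto": achieved_rto,
            "achieved_rpo": achieved_rpo,
            "reasons": reasons,
        })
    return rows


def plan_passes(rows):
    """The test succeeds only if every asset was tested and met both objectives."""
    return all(r["status"] == "PASS" for r in rows)


# Constructed sample inventory and test log.
T0 = datetime(2012, 4, 29, 9, 0)
ASSETS = [
    Asset("intranet-portal", "Nice to Have", timedelta(days=3), timedelta(days=1)),
    Asset("atm-switch", "Critical", timedelta(hours=1), timedelta(minutes=5)),
    Asset("core-banking-db", "Critical", timedelta(hours=2), timedelta(minutes=5)),
    Asset("card-management", "Vital", timedelta(hours=8), timedelta(hours=1)),
]
OBSERVATIONS = [
    Observation("atm-switch", T0, T0 + timedelta(minutes=45), T0 - timedelta(minutes=2)),
    Observation("core-banking-db", T0, T0 + timedelta(hours=3), T0 - timedelta(minutes=20)),
    Observation("card-management", T0, None, T0 - timedelta(minutes=30)),
]

if __name__ == "__main__":
    results = score_test(ASSETS, OBSERVATIONS)
    for row in results:
        print(row["asset"], row["status"], "; ".join(row["reasons"]))
    print("plan passes:", plan_passes(results))
```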
6. Cost of Recovery
Cost considerations related to Disaster Recovery become increasingly important as the numbers of
platforms and servers grow. IT decision makers should strive to ensure that all decisions regarding
technology platforms are based on accurate and complete cost-comparison information.
When choosing the best platform for hosting each business-critical application, it is important to consider
DR and the associated costs and complexities to be able to calculate the total cost of ownership (TCO)
and risk for each application. Ancillary costs should also be evaluated and budgeted. These will include
disaster declaration fees and ongoing usage fees, which for ATM operations generally add up to
those of comparable mainframe operations.
The key cost elements of DR include:
1. Backup/Restore Cost
● Backup
● Restore
● SAN effort
● Effort for Complete Site recovery
● Recovery
2. Deployment and Support Cost
● System Programming
● Middleware
● Application
● Maintenance
● Distribution Licensing
● Upgradation
3. Infrastructure Cost
● Space
● Power
● Network Storage
● Initial Hardware
● Software
● Maintenance
4. Human Resource Cost
● Personnel Education
● Training
5. Operation Effort Cost
● Monitoring
● Problem Determination
● Server Management Tools
● Integrated Server Management
6. Cost of Security Measures
● Authentication
● User Administration
● Data Security
● Server and OS security
7. Cost of Utilizing Resources
● Resource sharing
● Resource acquisition
● Resource transportation
● Resource Peak time handling
● Performance management
● Load balancing
8. Cost of Integration
● Integrated functionality
● Handling 3rd Party tools
● Integration of standards
9. Availability Cost
● High availability
● Hours of operation
7. Awareness among the Employees
If a Business Continuity Plan (BCP) is to be executed successfully, all personnel must not only be aware
that the plan exists, but also know its contents, together with the duties and responsibilities of each party.
● A comprehensive training program that reaches every employee.
● All employees need awareness training annually.
● The training must be auditable.
Employee Acknowledgement form –
For audit purposes, every employee, including senior management, will sign an acknowledgement form to
be retained by Human Resources. This same form has been added to the New Employee Orientation
(NEO) program, so new employees will immediately become part of the Business Continuity Plan.
Training-Level I: On an annual basis, Human Resources will send out a BCP Awareness Training form
to all employees. The forms will be retained in the employee's personnel file. This one-page form
accomplishes three major auditable requirements:
● It makes every employee aware of the existence of a company-wide BCP.
● It makes every employee aware of the fact that, should a disaster occur, the employee is to look
  to their supervisor for direction concerning what to do.
● The employee is asked to sign the form acknowledging the above two items.
Training-Level II: This level is geared towards back-office & branch managers & supervisors.
The focus is on Emergency Action Plans for all facilities and departments.
● A brief PowerPoint presentation provides an overview of general Business Continuity Planning
(BCP) and explains the responsibilities & duties of a “First Responder”.
● A brief introduction to the company's Business Continuity Plan from the distribution CDs.
● Makes every First Responder aware of their duties & responsibilities during a disaster. Namely:
    ● Get their employees and customers to safety.
    ● Call 1122/15, if necessary.
    ● Escalate the situation to their direct management, if needed.
    ● Deal with the disaster until help arrives.
Training-Level III: This training package is geared toward senior management, including those who will
be responsible for providing strategic guidance through a disaster and the subsequent Business
Resumption.
The training consists of the following elements:
BCP - A brief introduction to the company's Business Continuity Plan from the distribution CDs.
ICS - A detailed explanation of our Incident Command System (ICS)
EOC - An explanation of how our Emergency Operations Center (EOC) is set up, how it is activated and
what to do if the primary EOC isn’t usable.
8. Impact on Business Operations
The impact of business continuity management on business operations becomes obvious not because it
means you will survive into the distant future, but because it will make you a better and more competitive
business today. We categorize the impacts into two types, Pre-disaster and Post-disaster Impacts:
Pre-disaster Impacts
● Having a top-quality, tried and tested business continuity management structure in place helps our
  Bank stand out from others.
● This will become an even stronger competitive advantage over the next few years as business
  continuity standards take hold around the world and their associated accreditation schemes
  highlight those Banks that have taken business continuity seriously.
● The time may come when companies will only be able to do business with the public sector, for
  example, if they can show that they are accredited to a business continuity standard. If this
  happens, companies that are prepared NOW will gain a strong advantage over their competitors
  who are trying to play 'catch up'.
● Another non-disaster related impact of business continuity management is that it can help to
  create a business which operates its systems to the optimum level.
● The company that successfully operates a true business continuity management culture will have
  systems that are more effective, more efficient and more fully utilized than their competitors.
● Such a company will be able to maximize the return on investment it makes in business
  processes.
● It will be more productive, more reliable and an excellent partner and supplier.
● When it sets a deadline it will meet it. When it undertakes a project, it will deliver on time and on
  budget.
Post-disaster Impacts
● It is well documented that an effective disaster response can help a company's share price to
  increase and its reputation to become stronger. The definitive study in this area was carried out by
  Knight and Pretty ('The impact of catastrophes on shareholder value', 2000).
● The business that recovers most quickly from a wide-area disaster is the business which is able to
  capitalize on the situation.
● Disasters create new markets and open up existing ones. This may allow the rapid development
  and launch of new banking/ATM services.
● Or, if our ATM services are available when a competitor's aren't, we can gain temporary market
  share, which may become permanent if our ATM services are at least as good as our
  competitor's.
9. Conclusion
Success of a BCP depends on the effective data replication mechanism followed between DC and DR,
which is again directly related to the requirements of the banks. The process implemented for the data
replication requirement has to conform to this with no compromise to data and transaction integrity and
should ensure seamless resumption of operations to the maximum extent possible. This should be
conformed to in the DR simulations and reported accordingly to the Top Management as well. It is true
that the operational aspect involves technology, but knowledge of technology alone is not sufficient for
this exercise. It includes activities in risk management, crisis management, identification of business
processes, impact analysis, cost benefit analysis, storage management, network management, continuity
planning, recovery planning, training, communication and coordination.
…THE END…

Business Continuity Detailed Plan
Wissam Abdel Baki
 
Topic Describe each of the elements of a Business Continuity Plan .docx
Topic Describe each of the elements of a Business Continuity Plan .docxTopic Describe each of the elements of a Business Continuity Plan .docx
Topic Describe each of the elements of a Business Continuity Plan .docx
juliennehar
 
Disaster recovery white_paper
Disaster recovery white_paperDisaster recovery white_paper
Disaster recovery white_paper
CMR WORLD TECH
 
Planning for contingencies
Planning for contingenciesPlanning for contingencies
Planning for contingencies
Hassanein Alwan
 
Business continuity & disaster recovery
Business continuity & disaster recoveryBusiness continuity & disaster recovery
Business continuity & disaster recoveryGeorge Coutsoumbidis
 
COM-CON Session Topics, Audiences, and Presentation Types
COM-CON Session Topics, Audiences, and Presentation Types COM-CON Session Topics, Audiences, and Presentation Types
COM-CON Session Topics, Audiences, and Presentation Types
LynellBull52
 
The Ultimate Guide To Business Continuity
The Ultimate Guide To Business ContinuityThe Ultimate Guide To Business Continuity
The Ultimate Guide To Business Continuity
Envision Technology Advisors
 
Business Continuity Plan
Business Continuity PlanBusiness Continuity Plan
Business Continuity Plan
BizPlanss
 

Similar to Contingency Plan WAK BANKS ATM (20)

1. After a cyber attack, the organizational decision making and re.docx
1. After a cyber attack, the organizational decision making and re.docx1. After a cyber attack, the organizational decision making and re.docx
1. After a cyber attack, the organizational decision making and re.docx
 
Top 5 Steps to Disaster Preparedness for Businesses
Top 5 Steps to Disaster Preparedness for BusinessesTop 5 Steps to Disaster Preparedness for Businesses
Top 5 Steps to Disaster Preparedness for Businesses
 
RUNNING HEADER Disaster Recovery Plan Information and Documentat.docx
RUNNING HEADER Disaster Recovery Plan Information and Documentat.docxRUNNING HEADER Disaster Recovery Plan Information and Documentat.docx
RUNNING HEADER Disaster Recovery Plan Information and Documentat.docx
 
Forkomil 2009 Soetam
Forkomil 2009 SoetamForkomil 2009 Soetam
Forkomil 2009 Soetam
 
Business Continuity and Disaster Recover Week3Part4-ISr.docx
Business Continuity and Disaster Recover  Week3Part4-ISr.docxBusiness Continuity and Disaster Recover  Week3Part4-ISr.docx
Business Continuity and Disaster Recover Week3Part4-ISr.docx
 
Business Continuation The Basics
Business Continuation   The BasicsBusiness Continuation   The Basics
Business Continuation The Basics
 
Microsoft Whitepaper: Disaster Preparedness Guide
Microsoft Whitepaper: Disaster Preparedness GuideMicrosoft Whitepaper: Disaster Preparedness Guide
Microsoft Whitepaper: Disaster Preparedness Guide
 
Business continuity in general
Business continuity in generalBusiness continuity in general
Business continuity in general
 
u10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji Jacobu10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji Jacob
 
Cd and-power-disaster-recovery-plan
Cd and-power-disaster-recovery-planCd and-power-disaster-recovery-plan
Cd and-power-disaster-recovery-plan
 
Disaster Recovery Planning
Disaster Recovery PlanningDisaster Recovery Planning
Disaster Recovery Planning
 
Key Features of Effective Business Continuity Plan
Key Features of Effective Business Continuity PlanKey Features of Effective Business Continuity Plan
Key Features of Effective Business Continuity Plan
 
Business Continuity Detailed Plan
Business Continuity Detailed PlanBusiness Continuity Detailed Plan
Business Continuity Detailed Plan
 
Topic Describe each of the elements of a Business Continuity Plan .docx
Topic Describe each of the elements of a Business Continuity Plan .docxTopic Describe each of the elements of a Business Continuity Plan .docx
Topic Describe each of the elements of a Business Continuity Plan .docx
 
Disaster recovery white_paper
Disaster recovery white_paperDisaster recovery white_paper
Disaster recovery white_paper
 
Planning for contingencies
Planning for contingenciesPlanning for contingencies
Planning for contingencies
 
Business continuity & disaster recovery
Business continuity & disaster recoveryBusiness continuity & disaster recovery
Business continuity & disaster recovery
 
COM-CON Session Topics, Audiences, and Presentation Types
COM-CON Session Topics, Audiences, and Presentation Types COM-CON Session Topics, Audiences, and Presentation Types
COM-CON Session Topics, Audiences, and Presentation Types
 
The Ultimate Guide To Business Continuity
The Ultimate Guide To Business ContinuityThe Ultimate Guide To Business Continuity
The Ultimate Guide To Business Continuity
 
Business Continuity Plan
Business Continuity PlanBusiness Continuity Plan
Business Continuity Plan
 

Contingency Plan WAK BANKS ATM

Contingency Plan
April 29 2012

Due to the recent earthquake and political unrest, the Executive Board and President are worried about the safeguarding of their system. They called the I.T. Manager of the bank to present his Contingency Plan. Points included in the plan are Disaster Events, Recovery Planning, Technology Used, Contingency of Operation, Cost of Recovery, Awareness among the Employees, Impact on Business Operations and Conclusion.

Bank's ATM Business Continuity Plan
Contingency Plan Final Project: Information System & IT Audit

Table of Contents:
• Prologue
• Disaster Events
• Recovery Planning
• Technology Used
• Contingency of Operation
• Cost of Recovery
• Awareness among the Employees
• Impacts on Business Operations
• Conclusion
1. Prologue

A Business Continuity Plan is a roadmap for continuing operations under adverse conditions (i.e. interruption from natural or man-made hazards). BCP is an ongoing state or methodology governing how business is conducted. A backup plan to run any business event uninterrupted is part of a business continuity plan. A BCP for a specified organization is implemented at the organizational level on a large scale, whereas a backup plan at the individual level is implemented at small-unit scale. BCP's business activity focuses on four well-established areas of expertise: Structured Trade Finance, Private Banking, Treasury services and Correspondent Banking. BCP enjoys a solid reputation as a top quality service provider in all of these banking fields and serves an ever-growing number of customers and banks with a wide range of innovative, tailor-made and value-added products and services.

Effective business continuity measures are critical for any business entity. Our Bank is committed to protecting its staff and ensuring the continuity of critical businesses and functions in order to protect the Bank's franchise, mitigate risk, safeguard revenues and sustain both a stable financial market and customer confidence. The development, implementation, testing and maintenance of an effective global Business Continuity and Disaster Recovery program are required to sustain these objectives.

A Contingency Plan is a backup plan, activated in the event of a disaster that disrupts a company's production and puts employees in danger. The goal of the plan is to safeguard data, minimize disruption and keep everyone as safe as possible. A company may never have occasion to use a contingency plan, but it is important to have one, keep it updated and train employees on what to do if the need arises.

Disaster Recovery is the process, policies and procedures related to preparing for recovery or continuation of technology infrastructure critical to an organization after a natural or human-induced disaster. Disaster recovery is a subset of business continuity. While business continuity involves planning for keeping all aspects of a business functioning in the midst of disruptive events, disaster recovery focuses on the IT or technology systems that support business functions.
2. Disaster Events

A disaster event is a sudden event, such as an accident or a natural catastrophe, that causes great damage or loss of business reputation or clientele. A disaster is a sudden, calamitous event that seriously disrupts the functioning of ATMs or financial transactions and causes human, I.T. asset, economic or environmental losses that exceed the bank's ability to cope using its own resources. The combination of hazards, vulnerability and inability to reduce the potential negative consequences of risk results in disaster, as shown in the formula:

(VULNERABILITY + HAZARD) / CAPACITY = DISASTER

Following are the disasters affecting the Bank:
• Political unrest
• Earthquake
• Cybercrime
• Terrorist confrontation
• Assets larceny

Political unrest is a disturbance or turmoil; also known as agitation.

An earthquake is an unexpected and rapid shaking of the earth due to the breakage and shifting of the underlying layers of the Earth. An earthquake strikes suddenly, at any time of day or night, and quite violently. It gives no prior warning. If it happens in a populated area, an earthquake can cause great loss of human life and property.

Flood is also one of the most common hazards in the United States and other parts of the world. The effects of a flood can be local to a neighborhood or community. It can also have a larger impact, affecting a whole river basin and multiple states. Every state is at risk from this hazard.

Cybercrimes are defined as: "Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm to the victim directly or indirectly, using modern telecommunication networks such as Internet". There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise, including espionage, financial theft, and other cross-border crimes.

Theft of IT and Database Assets – taking and removing inventory and/or other assets from the company premises without attempting to conceal the theft in the books and records. Losses resulting from larceny of company assets can run into the millions of dollars.
3. Recovery Planning

Disaster recovery planning is a subset of a larger process known as business continuity planning and should include planning for resumption of applications, data, hardware, communications (such as networking) and other IT infrastructure. A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication and reputation protection, and should refer to the disaster recovery plan (DRP) for IT related infrastructure recovery / continuity.

The following are the nine steps we have taken for Recovery Planning:

Step-1 Take Inventory of IT Assets
What are we trying to protect? This includes applications, telephony/fax, phone numbers, support for IM, and other "unofficial" apps that we claim we don't support. Don't forget outside, outsourced apps as well. We need to assemble everything we'll need, including installation media, serial numbers, key codes, etc. Then we have to rank it all as Critical, Vital, Sensitive, Nice to Have, or Should Be Dead Already and attach recovery time objectives (RTO) and data loss objectives (DLO) to each one. This is a big deal; we can't do it in a few days. The security of our business assets is on the line.

Step-2 Assess Risk
What does losing this asset really mean? What is the cost of not having it for the short term? Typically, this is the cost of downtime, in dollars per hour of lost revenue. But it's a little more complicated than that. We need to include PR and customer relations costs, for example, and data reconstruction costs. Some data might not be recoverable; what does that cost? And remember, it's not a straight line. The first minute of loss has a negligible cost. But at 3 months, we're out of business.

Step-3 Assign Roles
This is pretty straightforward: who does what. Be explicit. "Multiple people being responsible means nobody is responsible," says Marks. "Individual people get assigned to individual roles so they can be held responsible."

Step-4 Identify Possible Solutions
We'll need to develop a matrix of solutions for all our company's vulnerabilities. One perfect solution for everything will probably be too expensive. Then we need to identify vendors for each service we might need, from server locations to user work area providers. Decisions should be based on the recovery time goal -- how long until you're up and running again? -- and the recovery point goal, i.e., when we are up and running again, what state will we be in?

Step-5 Choose Solutions
Finally, it's time to actually start selecting some solutions. Match your RTO/DLO to your various applications. And remember, we don't have to restore full functionality for everything instantly. We just need to keep things going while you figure out more permanent solutions.
Step-6 Implement Solution
Next, we need to test your choices. Do our solutions really work? Can your staff handle them? Do we have enough bandwidth? Then we need to keep adjusting to balance our solutions against our budget. Hint: Virtualization is our friend.

Step-7 Create a Recovery Manual
If there's no manual, there's no plan. Nothing you didn't write down will be available in a real disaster. Don't forget to answer all the awkward questions like, who can declare a disaster?

Step-8 Test Recovery Plan
Ninety percent of all disaster recovery plans fail the initial test. If we haven't tested it, we don't have a plan. We must do a post-mortem on our test, learn from our failures, and try it again.

Step-9 Train, Maintain & Document
No, we're not done. Disaster planning is an ongoing process, not a set-it-and-forget-it enterprise. We've got to keep testing, training, updating, maintaining, improving, etc.

4. Technology Used

As IT systems have become increasingly critical to the smooth operation of a company, and arguably the economy as a whole, the importance of ensuring the continued operation of those systems, or the rapid recovery of the systems, has increased. It is estimated that most large companies spend between 2% and 4% of their IT budget on disaster recovery planning, with the aim of avoiding larger losses in the event that the business cannot continue to function due to loss of IT infrastructure and data. As a result, preparation for continuation or recovery of the Bank's ATM systems needs to be taken very seriously. This involves a significant investment of time and money with the aim of ensuring minimal losses in the event of a disruptive event.

Following is the list of common technologies used for data protection and data recovery:
• SAN Network Technology
• Disk Replication-Mirroring
• Disk Replication-Shadowing
• Clustering Symmetric
• Clustering Asymmetric
• Conventional Backup
• RAID
• Network Attached Storage (NAS)
• Standby Operating System
• Storage Virtualization
• Hot Network Nodes
• Virtual Private Networks (VPN)
• Cloud computing
• Mobile Data Centers
• Remote Journaling
• Electronic Vaulting
We prefer the following technologies, which help us keep backups up to date and retrieve them in the shortest possible time in case of mainframe failure or disaster, to ensure proper working of the worldwide ATM network:

STORAGE AREA NETWORK (SAN):
A storage area network (SAN) is a dedicated network that provides access to consolidated, block level data storage. SANs are primarily used to make storage devices, such as disk arrays, tape libraries, and optical jukeboxes, accessible to servers so that the devices appear like locally attached devices to the operating system. A SAN typically has its own network of storage devices that are generally not accessible through the local area network by other devices.

BENEFITS
Sharing storage usually simplifies storage administration and adds flexibility since cables and storage devices do not have to be physically moved to shift storage from one server to another. Other benefits include the ability to allow servers to boot from the SAN itself. This allows for a quick and easy replacement of faulty servers since the SAN can be reconfigured so that a replacement server can use the LUN of the faulty server. While this area of technology is still new, many view it as being the future of the enterprise datacenter.

SANs also tend to enable more effective disaster recovery processes. A SAN could span a distant location containing a secondary storage array. This enables storage replication either implemented by disk array controllers, by server software, or by specialized SAN devices. Since IP WANs are often the least costly method of long-distance transport, the Fibre Channel over IP (FCIP) and iSCSI protocols have been developed to allow SAN extension over IP networks.

Disk Replication-Mirroring
Active (real-time) storage replication is usually implemented by distributing updates of a block device to several physical hard disks. This way, any file system supported by the operating system can be replicated without modification, as the file system code works on a level above the block device driver layer. It is implemented either in hardware (in a disk array controller) or in software (in a device driver).

The most basic method is disk mirroring, typical for locally-connected disks. The storage industry narrows the definitions, so mirroring is a local (short-distance) operation. A replication is extendable across a computer network, so the disks can be located in physically distant locations, and the master-slave database replication model is usually applied. The purpose of replication is to prevent damage from failures or disasters that may occur in one location, or in case such events do occur, improve the ability to recover. For replication, latency is the key factor because it determines either how far apart the sites can be or the type of replication that can be employed.
5. Contingency of Operation

Contingency of Operation (COOP) is to ensure that agencies are able to continue performance of essential functions under a broad range of circumstances. The points for contingency of operations are as follows:

Identify System Recovery Time (SRT)
System Recovery Time (SRT) activity takes place after a disaster is confirmed. The organization must plan the order of priority that it will use to recover hardware systems and components, in order to meet business process RTO.

Identify Data Currency for the Applications
Operational activity that supports the application RPO must take place before the business disruption or a disaster event. After the disaster occurs, applications and data at the affected site are unavailable to execute the DRP.

Identify Data Backup Strategies
Prior to selecting a data recovery (DR) strategy, a DR planner should refer to their Bank's BCP, which should indicate key metrics of recovery point objective and recovery time objective for business processes. There are three main types of backup sites:
• cold sites
• warm sites
• hot sites
Differences between them are determined by costs and effort required to implement each. Another term used to describe a backup site is a work area recovery site.

Identify Critical Personnel and Recovery Teams
The applications and host systems are dependent upon personnel with unique knowledge, skills, and abilities. Identifying the staff that has the knowledge to recover the infrastructure that supports the business processes is key to a DRP. Essential support personnel should be identified along with their skill sets.

Testing the Disaster Recovery Plan
To obtain the most value from a disaster recovery test, explicit test objectives and success criteria are required. The use of test objectives and success criteria enables the effectiveness of each DRP element and the overall Business Continuity Plan to be assessed. The two major test criteria are the recovery of the network within its RTO with data currency within the RPO.
6. Cost of Recovery

Cost considerations related to Disaster Recovery become increasingly important as the numbers of platforms and servers grow. IT decision makers should strive to ensure that all decisions regarding technology platforms are based on accurate and complete cost-comparison information. When choosing the best platform for hosting each business-critical application, it is important to consider DR and the associated costs and complexities to be able to calculate the total cost of ownership (TCO) and risk for each application.

Ancillary costs should also be evaluated and budgeted. These will include disaster declaration fees and ongoing usage fees, which for ATM operations generally add up to those of comparable mainframe operations.

The key cost elements of DR include:

1. Backup/Restore Cost
   • Backup
   • Restore
   • SAN effort
   • Effort for Complete Site recovery
   • Recovery
2. Deployment and Support Cost
   • System Programming
   • Middleware
   • Application
   • Maintenance
   • Distribution Licensing
   • Upgradation
3. Infrastructure Cost
   • Space
   • Power
   • Network Storage
   • Initial Hardware
   • Software
   • Maintenance
4. Human Resource Cost
   • Personnel Education
   • Training
5. Operation Effort Cost
   • Monitoring
   • Problem Determination
   • Server Management Tools
   • Integrated Server Management
6. Cost of Security Measures
   • Authentication
   • User Administration
   • Data Security
   • Server and OS security
7. Cost of Utilizing Resources
   • Resource sharing
   • Resource acquisition
   • Resource transportation
   • Resource Peak time handling
   • Performance management
   • Load balancing
8. Cost of Integration
   • Integrated functionality
   • Handling 3rd Party tools
   • Integration of standards
9. Availability Cost
   • High availability
   • Hours of operation
7. Awareness among the Employees

If a Business Continuity Plan (BCP) is to be executed successfully, all personnel must not only be aware that the plan exists, but also know its contents, together with the duties and responsibilities of each party.
● A comprehensive training program that reaches every employee.
● All employees need awareness training annually.
● The training must be auditable.

Employee Acknowledgement form – For audit purposes, every employee, including senior management, will sign an acknowledgement form to be retained by Human Resources. This same form has been added to the New Employee Orientation (NEO) program, so new employees will immediately become part of the Business Continuity Plan.

Training-Level I:
On an annual basis, Human Resources will send out a BCP Awareness Training form to all employees. The forms will be retained in the employee's personnel file. This one page form accomplishes three major auditable requirements:
• It makes every employee aware of the existence of a company wide BCP.
• It makes every employee aware of the fact that should a disaster occur, the employee is to look to their supervisor for direction concerning what to do.
• The employee is asked to sign the form acknowledging the above two items.

Training-Level II:
This level is geared towards back-office & branch managers & supervisors. The focus is on Emergency Action Plans for all facilities and departments.
● A brief PowerPoint presentation provides an overview of general Business Continuity Planning (BCP) and explains the responsibilities & duties of a "First Responder".
● A brief introduction to the company's Business Continuity Plan from the distribution CDs.
● Makes every First Responder aware of their duties & responsibilities during a disaster. Namely:
   • Get their employees and customers to safety.
   • Call 1122/15, if necessary.
   • Escalate the situation to their direct management, if needed.
   • Deal with the disaster until help arrives.

Training-Level III:
This training package is geared toward senior management, including those who will be responsible for providing strategic guidance through a disaster and the subsequent Business Resumption. The training consists of the following elements:
BCP - A brief introduction to the company's Business Continuity Plan from the distribution CDs.
ICS - A detailed explanation of our Incident Command System (ICS).
EOC - An explanation of how our Emergency Operations Center (EOC) is set up, how it is activated and what to do if the primary EOC isn't usable.
8. Impact on Business Operations

The impact of business continuity management on business operations becomes obvious not because it means you will survive into the distant future, but because it will make you a better and more competitive business today. We categorize impacts into two types: pre-disaster and post-disaster.

Pre-disaster Impacts
• Having a top-quality, tried and tested business continuity management structure in place helps our Bank stand out from others.
• This will become an even stronger competitive advantage over the next few years as business continuity standards take hold around the world and their associated accreditation schemes highlight those Banks that have taken business continuity seriously.
• The time may come when companies will only be able to do business with the public sector, for example, if they can show that they are accredited to a business continuity standard. If this happens, companies that are prepared NOW will gain a strong advantage over their competitors who are trying to play 'catch up'.
• Another non-disaster related impact of business continuity management is that it can help to create a business which operates its systems to the optimum level.
• The company that successfully operates a true business continuity management culture will have systems that are more effective, more efficient and more fully utilized than their competitors'.
• Such a company will be able to maximize the return on investment it makes in business processes.
• It will be more productive, more reliable and an excellent partner and supplier.
• When it sets a deadline it will meet it. When it undertakes a project, it will deliver on time and on budget.

Post-disaster Impacts
• It is well documented that an effective disaster response can help a company's share price to increase and its reputation to become stronger. The definitive study in this area was carried out by Knight and Pretty ('The impact of catastrophes on shareholder value', 2000).
• The business that recovers most quickly from a wide-area disaster is the business which is able to capitalize on the situation.
• Disasters create new markets and open up existing ones. This may allow the rapid development and launch of new banking/ATM services.
• Or, if our ATM services are available when a competitor's aren't, we can gain temporary market share, which may become permanent if our ATM services are at least as good as our competitor's.
9. Conclusion

The success of a BCP depends on an effective data replication mechanism between DC and DR, which in turn is directly related to the requirements of the bank. The process implemented for data replication has to conform to these requirements with no compromise to data and transaction integrity, and should ensure seamless resumption of operations to the maximum extent possible. This should be confirmed in the DR simulations and reported accordingly to the Top Management as well.

It is true that the operational aspect involves technology, but knowledge of technology alone is not sufficient for this exercise. It includes activities in risk management, crisis management, identification of business processes, impact analysis, cost benefit analysis, storage management, network management, continuity planning, recovery planning, training, communication and coordination.

…THE END…
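The two test criteria from section 5 (recovery within the RTO, data currency within the RPO) and the priority-ordered recovery it calls for can be scored mechanically after a DR simulation, which gives the report to Top Management a concrete basis. The Python code below is an added example, not part of the original plan; the system names, objectives and drill timestamps are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Ranking categories from Step-1 of the plan, most urgent first.
RANKS = ["Critical", "Vital", "Sensitive", "Nice to Have"]


@dataclass
class SystemDrill:
    name: str
    rank: str                      # one of RANKS
    rto: timedelta                 # recovery time objective
    rpo: timedelta                 # recovery point objective (the plan's "DLO")
    last_replicated: datetime      # newest transaction present at the DR site
    restored: Optional[datetime]   # service back at DR site; None = not recovered


def evaluate_drill(declared: datetime, systems: list) -> dict:
    """Score a DR simulation: RTO met, RPO met, and recovery order respected."""
    results = {}
    for s in systems:
        # Data currency: how stale the DR copy was when the disaster was declared.
        data_loss = max(declared - s.last_replicated, timedelta(0))
        # Recovery time is only measurable if the system actually came back.
        recovery = (s.restored - declared) if s.restored else None
        results[s.name] = {
            "recovery_time": recovery,
            "data_loss": data_loss,
            "rto_met": recovery is not None and recovery <= s.rto,
            "rpo_met": data_loss <= s.rpo,
        }

    # Recovery order: flag any system restored ahead of a higher-ranked one.
    order_violations = []
    for low in systems:
        if low.restored is None:
            continue
        for high in systems:
            outranks = RANKS.index(high.rank) < RANKS.index(low.rank)
            if outranks and (high.restored is None or low.restored < high.restored):
                order_violations.append((low.name, high.name))

    passed = all(r["rto_met"] and r["rpo_met"] for r in results.values())
    return {"systems": results, "order_violations": order_violations, "passed": passed}


# Constructed drill data (illustrative values, not taken from the plan).
DECLARED = datetime(2012, 4, 29, 10, 0)
DRILL = [
    SystemDrill("ATM switch", "Critical", timedelta(hours=1), timedelta(minutes=5),
                datetime(2012, 4, 29, 9, 58), datetime(2012, 4, 29, 10, 45)),
    SystemDrill("Core banking DB", "Critical", timedelta(hours=2), timedelta(minutes=1),
                datetime(2012, 4, 29, 9, 50), datetime(2012, 4, 29, 11, 30)),
    SystemDrill("Card management", "Vital", timedelta(hours=4), timedelta(hours=1),
                datetime(2012, 4, 29, 9, 30), datetime(2012, 4, 29, 10, 30)),
    SystemDrill("MIS reporting", "Nice to Have", timedelta(hours=24), timedelta(hours=24),
                datetime(2012, 4, 28, 22, 0), None),
]

if __name__ == "__main__":
    report = evaluate_drill(DECLARED, DRILL)
    for name, r in report["systems"].items():
        print(f"{name}: recovery={r['recovery_time']} loss={r['data_loss']} "
              f"RTO {'ok' if r['rto_met'] else 'MISSED'} / "
              f"RPO {'ok' if r['rpo_met'] else 'MISSED'}")
    for low, high in report["order_violations"]:
        print(f"order: {low} was restored before higher-ranked {high}")
    print("drill passed" if report["passed"] else "drill failed")
```

In this constructed drill the database is restored within its RTO but still fails on data currency, and a Vital system comes back before both Critical ones, two findings a single "recovered: yes/no" check would miss.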