ARC 2015 Business Continuity
Business Continuity Planning
African Regional Conference 2015
Kurt Ryelandt / Nils Maronier
Cape Town, 5-7 May 2015
Effective BCP is integrated everywhere
[Diagram: Customer; Business Applications; Interface; Network (MV-SIPN); Messaging Services (FIN, InterAct, FileAct, Browse); Market Infrastructures; Service Providers; Correspondents]
ARC Services Update – May 2015 – Confidentiality: External
Why BCP?
Crisis
External Threats
Utilities
People
Infrastructure
Security
Natural disasters
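Business Continuity best practices
ISO22301 | Actions | Status
BC Program Mgt | Well established BC framework | ?
Understanding the Organization & Determining BCP Strategy | Risk Management | ?
Understanding the Organization & Determining BCP Strategy | Business Impact Analysis | ?
Understanding the Organization & Determining BCP Strategy | Documented recovery objectives | ?
Developing the BC Response | Resiliency principles | ?
Developing the BC Response | Business Continuity Plans | ?
Developing the BC Response | Crisis management framework | ?
Exercising, auditing BC capability | 2+ exercises per year | ?
Exercising, auditing BC capability | Annual review of BC Plans | ?
Exercising, auditing BC capability | Internal & external BC audits | ?
BC culture | Embedded FNAO culture | ?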
Business impact analysis
[Chart: axis "Impact"; impact types: Financial, Business, Reputational; zones: Controllable impact, Substantial impact, DANGER Zone; annotations: Crucial point, Large scale, External exposure (e.g. Media attention)]
Recovery Objectives
• Recovery Time Objective (RTO): Maximum service unavailability time in single site disruption. It includes ‘lead time’ and ‘system restoration time’
• Recovery Point Objective (RPO): Maximum amount of time in which service data may be lost following a site outage. It represents the required off-site backup frequency.
RTO & RPO: Recovery Objectives drive investment decision (incl reputation)
Business Continuity Plan - Structure
• Critical Services and Functions
• Roles & Responsibilities
• Recovery Process
• Key phone numbers
Practicing our readiness…
Business Continuity Testing
• Service Continuity exercises: Regular resilience testing at the system/network levels
• Business Continuity exercises: More complex system and network recovery tests
• Simulation Support exercises: Training-like events to assess Business Continuity Plans and Crisis Mgmt process
Layers of resilience
• Layer 1 (Intra-Site): Multiple connections, protected sites, built-in backup within Operating Centers
• Layer 2 (Inter-Site): Transfer operations to alternate site within 20-30 minutes in the unlikely event layer 1 fails - zone failures don’t impact other zones
• Layer 3 (Disaster Recovery): Disaster Recovery Infrastructure for the extreme case where layer 2 is not enough - can be activated for single zone with no impact to other zones
Alliance Connect Everywhere
• Leverage evolution & investment in mobile technology
• 1SS: Single Interface to the customer
• Global coverage
• E2E one stop shopping solution: all you need to connect & operate your SWIFT environment in one package for low volume users
• Managed low cost solution for low volume users
• Private VPN, non internet based
Alliance Connect: who is it for?
• Prime connectivity in combination with Lite 2.
• Alternative to internet connectivity
• Business continuity
• Connectivity when everything else fails
Alliance Remote Gateway
• Also possible as prime connectivity for ARG
• 3G recommended
Alliance Connect Everywhere: Pricing details
• Phased roll out - legal checks necessary
• A country list will be made available on swift.com
• A banded monthly subscription fee in function of messages sent/received:
Band | Daily # of units sent and received | Price (EUR)
1 | Between 0 and 25 | 110
2 | Between 25 and 100 | 150
3 | Between 100 and 500 | 170
4 | Between 500 and 2000 | 200
1 unit = 1 MT, or 1 MX or 10 kChar of a file
• A one time fee for the wireless box (spare box optional): 500 EUR
Alliance Connect Everywhere: summary
• Peace of mind: SWIFT is your single point of contact
• Plug & Play installation
• Low cost entry point
• For Lite 2/ARG/Lifeline users
• Secure solution
Operational & resilience best practices
• Correct sizing of Leased Line bandwidth
• Window Size in line with Traffic Requirements
• Load Sharing between Leased lines
• FIN Delivery Subset sharing
• Monitor that no message queuing occurs in CBT (In & Out)
• Each CBT primarily connected to local Connectivity Interface
• Real Time Traffic Distribution to multiple SNLs (IA & FA)
• Same SnF queue acquired by multiple SNLs (IA)
• End User Message investigation and reporting done in Middleware
• Multiple LTs on each CBT instances (different on each CBT)
• Monitoring of the cross site connectivity
R7
Database resilience
Alliance DB Recovery
Back office resiliency
Virtualisation
Leverage Technology
Simplify connectivity
Alliance Remote Gateway
What is Alliance Lifeline?
When your main SWIFT Sites become unavailable: Connect to SWIFT via Alliance Lifeline
[Diagram: Primary / backup / DR infrastructure at customer site; Alliance Lifeline light ‘footprint’ at customer site; components shown: Application, Browsers, AutoClient, Interface, HSM, MV-SIPN; Internet Optional: Alliance Connect]
Technical Assessment
Content
• Architecture: SWIFT components, Middleware & BO integration
• Capacity – keeping in mind future business outlook
• Resilience: review recovery solutions for hw&sw malfunctions
• Procedures: gap analysis with regards to operational procedures
• Monitoring: problem detection mechanism and high-level escalation
• Security: security set-up and access control on SWIFT applications
• Configuration: high level configuration assessment
• RACI: roles and responsibilities for main SWIFT activities
Background
Within the financial industry, the SWIFT infrastructure is typically defined as business critical. As a result, IT Managers are bound to run risk-free operations but are at the same time challenged by technology evolution, cost pressure, strict security requirements, technical implications from mergers & acquisitions, etc.
Building on strong knowledge and expertise, SWIFT can provide a neutral assessment of the SWIFT infrastructure and its operations. The outcome will be a number of quick wins as well as strategic recommendations.
Also, internal audit teams or post-incident tiger teams could call upon SWIFT assistance when the SWIFT infra is in scope.
[Diagram: SWIFTNet; two stacks of SNL, Alliance Gateway and Alliance Access; BO application / middleware layer]
Practicing our readiness…
Business Continuity Testing
• Service Continuity exercises: Regular resilience testing at the system/network levels (300+ per year)
• Business Continuity exercises: More complex system and network recovery tests (6 weekends per year)
• Simulation Support exercises: Training-like events to assess Business Continuity Plans and Crisis Mgmt process (50+ per year)
Practicing our readiness… Example Service Continuity Testing
[Diagram: Layer-1 intra-site test and Layer-2 inter-site test, showing Active and Standby systems at Site 1 and Site 2]
Practicing our readiness… Example Simulation Support Testing
[Diagram: Local Emergency Support; Govt Emergency Support; Local Command Team; Command Centre; SWIFT members]
Practicing our readiness… Example Business Continuity Testing
Testing strategy
• OPC Recovery Test - October
• SWIFT cold start community test – April
[Diagram: EU zone and TA zone; OPC-US, OPC-CH, OPC-NL; DRI]
In Summary
Rehearse the recovery procedures
Test system, people & process resilience
Walkthrough, desktop, role-play simulations
Involve SWIFT staff at all levels, local authorities and customers
Incident and crisis management @SWIFT
Problem, Incident, Crisis
• Serious problem with business impact
• Local disruption to a service
• Severe impact to financial community
Focus on people and customer