Disaster Recovery Planning in Banking Sector Essay

On September 11, 2001, the terrorist round off destroyed the World Trade midsection in New York, which was the virtually highly c at a timentrated financial atomic number 18a. This attack not only destroyed the twin towers, but also sunk the financial system. Banks located in the World Trade Center went through and through an unprecedented incident. The companys back-up facilities which were too close to the primary facilities were cut off as the primary facilities. Single points of failure in perceived various(a) routing resulted in failed back-up communications systems. Beca custom of the terrorist attacks of 9/11, there is signifi enduret increased localise on the accident recuperation envision. (Robert Bronner, 1997) According to Robert Bronner, confides were among the earliest adopters of information engineering science in the headache world. The widely use of information technology in the brim system forced a new intentness the fortuity retrieval industry. Di saster retrieval propose is an important sidetrack of trust note continuity figurer program. It is a routinees or set of procedures that help firms civilise for profligate nonethelessts.The goal of the excogitation is recover and protect a business IT facilities, such as the ne twainrk, document management system, and core system, in the disruptive events. Those events accept both natural hazard such as temblor and man-made happenings such as power outage. It is im assertable that a blaspheme can always avoid disasters, so the disaster convalescence jut out plays an important role after a brink suffer a disaster. With a careful plan will effetely help the bank to understate downtime and info loss to ensure some level of musical arrangemental stability and an orderly retrieval after a disaster will prevail. The modify Clearinghouse Association was formed by 7 Philadelphia-based banks in the mid-1970s for the sole design focus on how to manage banks data retri eval when banks computer systems go down. This group started the disaster recuperation industry in 1987 by SunGard retrieval Services.The Important of Disaster retrieval PlanThe disaster recovery plan is important to the bank, because the benefits it can obtained from the draftsmanship of a disaster recovery plan.The basal benefits of a disaster recovery plan acknowledge (disaster recovery plan)(1) Providing a intellect of security(2) Minimizing risk of delays(3) Guaranteeing the reliability of standby systems(4) Providing a standard for examen the plan(5) Minimizing decision- reservation during a disaster(6) Reducing potential legal liabilities(7) overweight unnecessarily stressful organise environmentDisaster recovery plan is a critical proactive approach to banks. Because the objective of the disaster recovery plan is protect the bank do minimize loss during the disaster, supply is vital to the disaster recovery plan. The type of disaster recovery plan can be physique, but all told of them should follow three basic measures (1) preventive measures, (2) detective measures, and (3) corrective measures. The purpose of the first measures is to prevent a disaster from occurring. This measure is focus on place and reduce risks. balk aimed to s perish a disaster before happening. These measure try to identify the risks before it happens and reduce the happen ratio. To achieve the prevention purpose, the measures may allow tutelage data backed up and off site, using wad protectors, install generators and conducting routine inspections. Detective measures are used to find the presence of any unwanted events among the IT infrastructure. They focus on the unfound new potential threats.These measures acknowledge installing fire alarms, using up-to-date antivirus software, holding employee training sessions, and installing server and network monitoring software. The system which is focus on restores a system after a disaster or otherwise unwanted ev ent takes place is corrective measures. There measures may hold keeping critical documents in the Disaster recovery Plan or securing ripe insurance policies, after a lessons learned brainstorming session. (Disaster recovery plan) Banking industry certainly needs the Disaster retrieval Plan. The query shows that among 170 disasters recoveries, 45 were for banks in the last 10 years. (Robert Bronner, 1997) In 2012, hurricane blonde highlightsthe banks need for disaster recovery plan. Sandy smitten the East Coast of Manhattan, where is the location of Wall thoroughfare. Many banks headquarter located on the East Coast, such as Citi and Bank of American, were flooded under water. The financial markets in New York City were closed for at least two days cause loss of millions of dollars. Disasters are unexpected and represently, so the planning is critical for the bank to reduce loss from disasters.Disaster recovery is of special(prenominal) importance for the banks than other b usinesses because the huge demand of advantages during times of federation disaster. The average bank is multi-plat formed, with multiple locations and varied trading operations and computer maskings. For typesetters case, mark Bank has over 19,500 ATMS and 5,600 branches across the country. Mergers and acquisitions make the bank facing a more complicated situation. Mergers and acquisitions take hold caused banks to endure more different kinds of applications. Basically, banks exceed 20 to 30 critical applications simultaneously. When shapings merger or are acquired, a bank may run 40 to 60, double than before, critical application at the same time. Furthermore, because the banks global expanding, the banks operations stick more alter that expands their reach beyond the back office into artificial satellite locations. Last, banks are still relying heavily on paper.For example, the bank often needs the copy for its customers copy of ID. If a bank suffers a disaster, what would happen to these decentralized operations and manifold applications? What happens to the many paper transactions in branches that watch not entered the central system? As soon as the disaster happened, no matter its man-made or natural, despite of its local or nation, it can disrupt critical business operations significantly for weeks and sometimes months. Thorough preparation can shorten recovery time dramatically and keep banking operations ongoing. (Robert Bronner, 1997)The planning methodologyAccording to Geoffrey H. Wold of the Disaster Recovery cooking Process, 1997, an integrated plan should include 10 steps1. receive Top Management CommitmentTop management in the bank must support and involved when developinga disaster recovery plan. Managements have the responsibility to supervise the plan developing abut and sustain the final disaster recovery planning is effective inner(a) the bank. The process of developing the plan should include enough time and adequate hoo ey resources. Resources could include both financial considerations and the effort of all personnel involved. This process requires the bank to hire educated managers who has knowledge or so disaster recovery. If the occur manager doesnt know about disaster recovery, the final disaster recovery plan, which has the participation of the top manager, can be poor.2. Establishing a planning mission by and by the draft of the disaster recovery plan is finished, the bank need to build a planning committee. The function of the planning committee is overseeing the development and implementation of the disaster recovery plan. The planning should consider all functional areas of the formation and effect represent them. The committee members should include the operations manager and the data touch on manager. The employee is the first thing the bank should forecast about when develops a disaster recovery plan. What employee most concern about? The precaution of families and personal prop erty. As long as those two areas are safe, the employee can focus on the safety of the employer and its customers property. So when the management making the disaster recovery plans, they should include essentials such as shelter, medical insurance, pension, as well as counseling and information on the disaster recovery plan. The committee should ensure the final disaster recovery plan include a plan to ensure the safety of the employees family and property.3. Perform a risk assessmentRisk summary and business impact analysis are important parts of planning committee. They should contain the range of possible disasters for natural, technical, and human threats. The committee should analysis every functional area of the organizations potential consequence and influence associated with different disaster scenarios. Furthermore, the safety of critical document and vital records should be evaluated, too. For example, fire always be considered the greatest threat to an organization, so manybanks buy the fire insurance. However, even the flood is infrequently, it still has a chance to happen. One of the reasons the Sandy cost huge loss is many banks located at Wall Street dont have bought insurance for flood. The disaster recovery plan should consider the worst case situation.4. Establish priorities for process and operations diminutive needs are the necessary equipment and procedures used to recover the daily operations of a department, such as principal(prenominal) facility or computer shopping mall when it suffered a disaster. The critical needs for each department within a bank should evaluate the areas include functional operations, key personnel, information, processing systems, service, documentation, vital records, policies and procedures. Analysis the processing and operations to decide the maximum amount need f time each department of bank can operate without each critical system. To determining the critical needs for a department, the bank can documen t all the functions performed by every departments.As soon as the primary functions have been determined, the operations and processes should be ranked in the order of essential, important, and non-essential. (Robert Bronner, 1997) Location is the first critical consideration of a recovery plan. A banks recovery plan should include geographically independent relocations sites for every work group. (Robert Bronner, 1997) The consideration of the location include whether it is easy to access to other facilities, entropy center professionals may work in an urban area and be more willing to trigger or relocate. The recovery locations should be planned both for the data center environment and satellite locations.5. Determine Recovery StrategiesThe researched and evaluated processing alternatives are the most practical alternatives for processing. In order to make an effective recovery strategy, the bank must consider facilities, hardware, software, communications, data files, customer services, user operations, MIS, End-user systems, and other processing operations of the organization. Furthermore, the bank should consider its computer function. Hot sites, warm sites, raw sites, reciprocal agreements, tow data center, consortium arrangement, and vendor supplied equipment are the alternatives for military rank of the computer function. The third elements should be prepared is the write agreements for the specific recovery. The example of special considerations include contract duration, termination conditions, testing, costs, special security procedures, card of system changes, hours of operation, and specific hardware and other equipment required for processing.6. Perform Data CollectionThe basic data collected for disaster recovery plan includes backup position listing, critical telephone numbers, communications inventory, distribution register, variety types of inventory, master call list and vendor list, notification checklist, software and data files backu p/retention schedules, temporary location specifications, and materials and documentation. That information are encouraging to develop pre0formatted forms to facilitate the data gathering process. According to Robert F Bronne of the banking industry and disaster recovery plan, 1997 the inside data central is no long-lasting enough for the bank, with the expansion of bank, the bank needs the data beyond the inside data center.The remote of the working group of the remote locations should be part of the entire disaster recovery plan. The equipment and system in the remote locations should be accounted in the recovery plan. What is more, business recovery move advance to restoring and recreating business process. For example, the quick ship type of program that allows them to ship personal computers and related to equipment to a designated recovery site within 48 hours of the declared disaster.7. work and document a written planThe disaster plan should be written in a standard form . The plan should include an line of the plans contents. The managements should review and approve the outline. Then, the procedures and the documentation should be written in the plan based on the standard format. It is helpful to get a consistent format and allows for continuing maintenance of the disaster recovery plan. The plan should be used before, during, and after a disaster. It should include methods for maintaining and update the plan to reflect any significant internal, external or systems changes and organiseusing a team approach.8. Develop testing criteria and proceduresAfter a disaster plan is created, it should be tested and evaluated on a fix basis. The tests will provide the organization with the assurance that all necessary steps are included in the plan. Furthermore, it helps to determining the feasibility and compatibility of backup facilities and procedures, identifying areas in the plan that need modification, providing training to the team managers and tea m members, demonstrating the ability of the organization to recover, and providing motivation for maintaining and updating the disaster recovery plan.9. Test the PlanAfter testing criteria have been completed, the bank should test the disaster recovery plan. A good banks recovery plan doesnt federal agency it works well in the reality. The test will provide additional information about the continuing steps, reasonable adjustment to the original plan. each functional department of bank should be tested. The banks size and rate of organizational change decide the frequency of testing. Usually, small banks have low frequency of testing they may do testing once per year. Larger banks have high frequency they perform exercises two or three times a year or stretch an yearbook test over several days. There are four main types of tests checklist test, simulation test, parallel tests, and full interruption tests. The actual disaster is a true test to bank. It is similar to simulation tes ts, but more authoritative than the simulation tests. Banks should document recovery efforts, evaluate results, and refine plans accordingly carefully.10. respect the plan.The last step of making disaster recovery plan is favourable reception the plan. After the written and tested, the plan should be approved by top-management. The top management has responsibility to establishing policies and comprehensive eventuality planning. Also, the management should reviewing and approving the contingency plan annually and writes a review paper for the plan. If the information is inject from a service means,management should evaluate the adequacy of contingency plans for its service bureau and ensure that its contingency plan is compatible with its service bureaus plan.ConclusionWith the expansion of financial industry, banks become more ripe technology users the disaster recovery plan will play a more important role in the banking sector. The banks disaster recovery plan can help the b ank to mining the upset due to an unexpected disaster and recover the bank back to use as soon as possible, but it acquired the bank to plan a disaster recovery plan system and effectively before the disaster happens. An effective disaster plan is made under the strict indispensableness in operate in planning, assessment, writing, and testing process. Nobody can work out when the disaster will come, the disaster recovery plan is both a prevention method and insurance to decreasing the potential exposures and recover the organization for the bank.Work Cites1. Bronner, Robert F. Banking Industry and Disaster Recovery Planning. Banking Industry and Disaster Recovery Planning. N.p., n.d. Web. 17 Nov. 2013. .2. Disaster Recovery Plan. Wikipedia. Wikimedia Foundation, 11 June 2013. Web. 17 Nov. 2013. .3. Wold, Geoffrey H. Disaster Recovery Planning Process Part 1 of 3. Disaster Recovery Planning Process Part 1 of 3. N.p., n.d. Web. 17 Nov. 2013. .