Business Continuity Management System 2016 Management WE CUSTODY TODAY THE VALUE OF TOMORROW

Transcription

1 Business Continuity Management System 2016 Management

2 Index DCV Objectives - Definitions Corporate Governance Continuity Management Vision DCV Evolution and Business Continuity Methodology Business Impact Analysis (BIA), Risk Analysis (RA) Strategies Prevention, containment and recovery Tests and Exercises Program Compliance with the 2016 Tests and Exercises Plan Training Program Floor Leaders, Emergency Committees, and others. ISO Process Planning and evolution

3 1. Objectives and Definitions Objectives To ensure regulatory compliance and availability of the critical processes. To provide role and responsibility guidelines for business continuity management. To recover critical services while safeguarding the protection and safety of the people. Key definitions Safeguarding the safety of the people at DCV s facilities. Being in alignment with the demands of the current regulations and under the guiding framework of the ISO standards. Incorporating continuity matters into the culture of DCV. 3

4 2. Corporate Governance Board of Directors Risk Management IT Committee Audit and Risk Committee Operational Risk Processes Safety of the Information Business Continuity Activation of the Continuity Plans Process Owners Organizational and functional structure Crisis Management And Disaster Recovery Emergency Committee Incidents Managers IT, People and Facilities Spokesperson Crisis Management Committee (CMC) Facilities Recovery Committee (CRI) People Support Committee (CAP) ICT Recovery Committee (CRT) Strategic Communication Committee (CEC) 4

5 3. Vision 1. Operational Continuity is a strategic axis defined by DCV for the development and provision of its services. 2. Our commitment to the securities market is: "To be the last component of the financial system to cease its operations and the first one to recover", no matter what the incident or disaster may be. 3. To protect the life and physical integrity of the Contributors of the company and the people at the facilities of the company at the time of an adverse event. Operational Risk Management Business Continuity Management System Probability BCMS BCP DRP Business Continuity Management System Business Continuity Plan Disaster Recovery Plan Probable Risks Normal Impact Unlikely risks with high impact Impact 5

6 4. DCV Evolution and Business Continuity DCV Evolution BC Evolution Custody and Registry of Transactions of Debt Instruments Contingency Plan for all resources and critical provisions Contingency Procedure Tests Beginning of efforts towards operational continuity New Methodology Business Continuity Plan (BCP). Y2K Function is created. Plan Update BS And Standard Maintenance is BCP Published Production Sites are moved to TIER III. Offices are separated into two buildings. CMP+DRP are incorporated SRAD US Site Work Plan To comply with BS25999 Standard BS Work Plan for ISO Upgrade ISO ISO Maintenance ISO BCCh pacts 6

7 5. BIA and RA Summary min 1 5 min Business Impact Analysis (BIA) for Strategic Services 5 15 min min min Administración Capital events management de eventos de capital Operaciones Securities custody de custodia operations de valores Registro Registry y and liquidación clearance of de operations operaciones Servicio CC forward de cc service fordward 1 2 hrs 2 5 hrs 5 12 hrs hrs Threats Distribution by score >5 días days days días days días Atención Depositors de assistance depositantes Otros Other Servicios services (OMGEO) Servicio Braa service braa Servicio International de custodia custody internacional service Impact by Processes Distribution of Impacts in DCV Process times Time Sensitivity Impacts Distribution in DCV Services time Transferencia of securities de valores ComDer y and Adm. Collateral De Garantías- Mgmt Administración Corporate actions de eventos management 122 de capital-122 Custodia-112 Custody 112 Otras Other operaciones-88 operations 88 Tesorería International internacional-87 Tresasury 87 Mesa Customer atención service de clientes-85 desk 85 Custodia International internacional-64 custody 64 Registro Issues central registry 62 de emisiones-62 Bolsa International de valores stock extranjeros-59 exchange 59 Threat score , , , , 8.000, 6.000, 4.000, 2.000, 0, , Probability 5 6 Terremoto Earthquake Sabotaje Sabotage Incendio Fire Atentado Terrorist Terrorista attack Caída Plane de or Avión helicopter o Helicóptero crash Electricity failure Falla de Energía Eléctrica Inundación External flood Externa Vandalismo Hacking - Cracking Falla HW HW failure Impact by service Time Sensitivity Registro Registry y and liquidación clearance de of operations operaciones Operaciones Securities custody de custodia operations de valores Administración Instruments management de instrumentos Servicio International de custodia custody internacional service Atención Depositors de depositantes assistance Servicio Braa service braa Servicio CC forward de cc service fordward Otros Other servicios services Administración Management 7

8 6. Strategies Operational aspects People. Every key function is duplicated. Facilities. Alternative administrative site. Prevention Strategy (probability) Risk Management Capacity Management Incident Management Problem Management Recovery Strategy (actions) Containment strategy (impact) Technological aspects Every critical component is duplicated. Production Sites are distributed. Duplicate Components Components duplicate Burgos HR Offices Orphans Primary Site Secondary Site Based on the RTO Objective Times of each critical service Continuity procedures Disaster recovery plan and crisis management Sites 8

9 7. Tests and exercises plan Accumulated Compliance of the 2016 Test Plan Management of Tests and Exercises 1% 6% 6% 16% 16% 26% 26% 37% 38% 46% Cumplimiento Actual Compliance Real Programa ProjectedPresupuestado Program Significant tests Alternations of Data Centers. Operations in alternative offices. Crisis Management Exercise Backup personnel operation. Activation of Production for Disasters Site. Evacuation exercises. Alternative communications systems tests. 53% 58% 56% 68% 72% 78% Test Plan Compliance 100% compliance with test plan. 38 run tests. 93% 100% 100% 100% 0% 20% 40% 60% 80% 100% 35 Successful Exitosas 3 Unsuccessful No Existosas 9

10 8. Training and Awareness Plan Summary of Activities Crisis management: 15 people Leader Implementer of Continuity Managers : 2 people Leader Auditors : 3 people Humanitarian assistance and containment: 3 people Floor leaders and backups: 21 people 10

11 9. Business Continuity Management System Re-certification is valid until DCV has been certified since Process BS ISO Upgrade ISO Maintenance ISO Re ISO Maintenance Visit In April October May October Aug July Aug 2017 ISO Audit. BSI BSI nonconformities evolution 7 14 Suma Minor de NC Total Menor Suma Major de NC NC Total Mayor

12 Depósito Central de Valores S.A. Apoquindo Avenue No. 4001, 12th Floor Las Condes, Santiago. Phone: (56 2) Fax (56 2) DCV Registros S.A. Huérfanos 770, Floor 22 Santiago Centro, Santiago. Tel: (56 2) Fax: (56 2)