Business Continuity Plan Executive Overview

Transcription

1 Business Continuity Plan Executive Overview In terms of business continuity and disaster recovery planning, Harland Clarke s mission is to ensure the availability of critical business functions and Information Technology (IT) operations within acceptable timeframes should a disaster or outage affect one or more of our facilities or operations. Harland Clarke s plan is developed to meet the criteria and sound practices of the Federal Financial Institution Examination Council (FFIEC) interagency statement on contingency planning. The planning approach has the following features: Proactively evaluating risks and mitigating their effect through implementation of loss control counter measures, e.g., cyber risks & internet security provisions Annually updating the business impact analyses for prioritization of core processing and customer service functions and their information and service dependencies. Reviewing the plan quarterly Frequently upgrading business continuity strategies, the supporting disaster recovery strategies and their associated action plans part of our product development process Annually exercising sections of the business continuity plans and annual testing of disaster recovery plans Effectively providing awareness communications and training related to emergency operations, mitigation measures and recovery responsibilities for all associates 1 P age

2 BCP Activation Process Start Outage Reported -Console -Internal call, , fax -Client call, , fax -Automated Script -Supplier/PSP call, , fax Gather Details -Description of disaster? -Injuries? -City emergency offices contacted? -Extent of damage -Who else is affected? -Contact information Initiate Emergency Notification to CORPDR01 DRTDR Assessment Team Convenes at Predetermined Location Damage Assessment DRTDR Alert Alternate Site(s) Yes Activate Disaster Relocation Plan? Notify M&F Crisis Team Activate BCP/ DR Plan(s) No Follow Incident Management Process Notify Affected Clients 2 P age

3 Summary In the event of an emergency in one or more of our facilities, Harland Clarke has a number of available options depending on the particular situation. The Harland Clarke Information Systems are designed to transmit and transfer work anywhere in our system. Our typesetting systems and quality assurance files are centrally controlled and distributed. Therefore, the specifications for all of your documents are available for immediate use nationwide for as long as necessary. All check plants have designated alternate plants prepared to provide back-up support in case of a disaster or additional workload. However, in an emergency, any plant in any area can assist immediately. In addition, we have our own rebuilding operation with spare equipment ready and available for expansion, new plant start-ups, or for immediate shipment to any plant. This includes major equipment as well as spare parts. In addition to the above, Harland Clarke has employees who frequently travel to plants system-wide to support new technology installation, new plant start-ups and special high volume or short notice conversions. These employees, along with manufacturing staff employees, are available immediately in emergency situations. The following is an overview of Recovery Plans for critical business services: CPU and Network Contingency Plan A. Plan Elements Harland Clarke as a multi-faceted approach to protect the essential business functions served through data processing and data communications system. This approach is designed to prevent, minimize, and optimally recover from the loss of computing and communications resources, which drive our operations. Some of the elements of Legacy Clarke s plan are as follows: 1. Redundancy in mechanical and electrical systems UPS (Uninterruptible Power Supply) Emergency generator Redundant air conditioning Redundant chilled water units 3 P age

4 2. State-of-the-art fire protection and site security systems Fire suppression system Water detection system 3. Data protection and security systems Software and telecommunications security protection systems Off-site storage of data and system control software for backup protection 4. Redundancy in hardware and communications systems Redundancy in remote device and communications controllers at primary and recovery sites Integrated telecommunications dial back-up capability to remote customer sites and plants at primary and recovery sites 5. Site selection criterion for disaster prevention Not in flood plain Not in flight patterns Located away from railroads B. Disaster Downtime (RTO) We anticipate that, should a catastrophe strike a Harland Clarke computer center, critical systems can be recovered in hours. This estimate is based upon our current design, and exercise results, the nature of the disaster, and what day of the week the disaster occurs. During this short period, all plant and customer service personnel would continue to operate using manual procedures. After computer operations are restored, this manual tracking of all orders and service calls would be re-entered into the system and all operations would return to normal. 4 P age

5 Disaster Recovery Plan for Imprint Plants All Harland Clarke imprint plants have designated alternate plants prepared to provide backup support in case of a disaster or additional workload. Our plan network is designed to direct or re-direct complete processing information from one production site to another. Each plant maintains a spare parts inventory in the event of a machine breakdown. Expensive or hard to replace parts are maintained by Plant Engineering Services (PES) to be shipped overnight if needed. Equipment Imprint plants in the Harland Clarke system are not run at full capacity. Based on this, any of our production sites are equipped for additional production capacity. In addition, we have our own equipment rebuilding and storage operation. This location houses enough spare equipment to expand or open a new operation. This includes major equipment as well as spare parts. Base Stock Inventories Should volumes increase to Harland Clarke for any reason, Harland Clarke Base Stock operations can immediately respond with increased production of check stock for any of our facilities. This additional base stock would be available for overnight shipment to any production site. Harland Clarke has deployed redundant systems in each regional print facility, and each system has the ability to hub work to an alternate plant due to application design. Redundant systems can be reconfigured quickly to accept work up to double the normal work performed. Disaster backup tapes are performed each work night. In the event that one or more plants become unavailable, work can be hubbed to an alternative plant within hours while backup tapes are being transported to the alternate plant location. These disaster recovery procedures are standard across the Harland Clarke plant network. 5 P age

6 Disaster Recovery Plan for MICR Forms Salt Lake City, UT Harland Clarke s MICR Forms primary production facility is located in Salt Lake City, Utah. The plants computer systems run on Windows NT platform (Compaq ProLiant and IBM blade servers). All systems are backed up to a tape library and stored onsite and offsite. The network is connected across the Harland Clarke WAN to allow communication between all plants and departments within the company. Our Jeffersonville, Indiana facility is our designated disaster recovery site. Most composition and production equipment is virtually identical. In the event of an emergency requiring additional capacity, our Columbia, South Carolina facility would be used for the creation of inventory and specific overprint product lines. Composition files are maintained on-line in both facilities. Daily backups are performed on all updated composition files. All composition files are compatible with Postscript Level III. Full system backups are performed once per week. Two rotating backups of the system files are maintained. One backup is kept at the on- site and another one is kept at Perpetual storage. Each week the backups are rotated. All press equipment is regularly maintained and each facility has a minimum of five presses, all virtually identical. In the event of an equipment breakdown, the products can be moved to another press within the facility within two hours. Both facilities have multiple pieces of bindery equipment equally capable of performing redundant tasks necessary to ship orders in a timely basis. Harland Clarke has a policy of planned redundancy and back-up sourcing of computer, equipment, staffing and source of supply. If equipment fails for any reason, the equipment is repaired on an emergency basis if possible. We have maintenance agreements and emergency repair arrangements on critical equipment. If the equipment cannot be repaired in sufficient time to avoid significant down-time (greater than 24 hours or less depending on demand) the work will be: a) transferred to an alternate work center or b) outsourced, as appropriate. In the event of major equipment failure or loss due to fire, vandalism, etc., work will be immediately transferred to an alternate process or outsourced and the process to replace equipment will be expedited where possible. 6 P age

7 Disaster Recovery Plan for Contact Service Centers In the unlikely event of a Customer Service Center being shut down for any reason, Harland Clarke has contracted with our Telecom provider to immediately route all incoming calls to our additional Customer Service Center to ensure clients and their customers of uninterrupted service. Harland Clarke has also developed a Telephone Disaster Recovery Plan Checklist for our Contact Service Centers to utilize in the event of a disaster. Disaster Recovery Plan for Web servers In the event of prolonged outage impacting all our web servers, Harland Clarke has contracted with SunGard Availability Services to provide site, hardware and connectivity replacement until a return to normal operations. Anticipated recovery time is hours. For individual outages on a web server, redundancy is built into each server. Investment Services/Direct Marketing Baltimore, MD The Baltimore facility has added to the routine plant recovery procedures described above, by the addition of a hot-switchable, non-interrupted CPU processors and disk drives, reducing recovery time. Baltimore has also leveraged its disaster recovery for immediate movement to an alternate Harland Clarke facility; in the event of a major failure short of a site disaster at Baltimore, mirroring and automatic Wide-Area data updates allow for rapid continued processing to resume from the alternate site. Checks In The Mail, New Braunfels, TX Checks In The Mail recovery objective is to restore critical (Category I & II) production processes within hours, and essential (Category III) production processes within 72 hours to 1 week of a disaster that disables any functional area and/or essential equipment supporting the systems or functions in that area. In the event of a short or long-term outage, all areas can perform their functions from another location (even their own homes) with access to the Odyssey application. In the worst-case scenario of total destruction of the facility, with the restoration of 100% of the critical servers and applications, Priority 1 & 2 critical services can be 100% functional within the defined RTO of 8 hours to 1 week. SunGard Availability Services, 401 North Broad Street, Philadelphia, PA has been designated as the technology backup location for the CITM facility. 7 P age

8 Direct Marketing/Investment Services Disaster Recovery Plan Fallback Site Chicago, IL Customer Data Primary Site Glen Burnie, MD T1 Dedicated Data Line Real Time Data Shadowing Chicago HP3000 (fallback) DMIS HP3000 (primary) Harland WideArea Network DMIS Solimar Xerox Print Servers Xerox 4635 Xerox 4635 Primary Site Closeout Equipment Bindery Inserting Folding Harland Chicago Print Facilities 8 P age

9 Harland Clarke Data Centers Harland Clarke has two data centers located in Atlanta, GA and Dallas, TX; both are under contract with SunGard Availability Services for hot-site services. Included in the SunGard services at the time of a disaster or recovery exercises are: mainframe and distributed systems equipment, network connectivity and internet access. Harland Clarke Recovery Time Objective (RTO) is hours. The two data centers support different services for Harland Clarke and do not act as alternate backups to each other. Harland Clarke Routine Recovery As with any business, there are a number of routine outages, which occur that are not classified as a major disasters. In order to ensure the availability of Harland Clarke s services and products, standard operating procedures have been developed to effectively manage these outages. 9 P age