BME CLEARING's Business Continuity Policy


Contents

1. Introduction
2. General goals of the Continuity Policy
3. Scope of BME CLEARING's Business Continuity Policy
4. Recovery strategies
5. Distribution of backup capacities
6. Clearing Services
   6.1 Functions supported
7. Clearing Information Technology Infrastructure
   7.1 Central system infrastructure
       7.1.1 Clearing machines and application
       7.1.2 Telecommunication and security equipment
       7.1.3 Central communication servers
   7.2 Access point infrastructure
       7.2.1 Telecommunication lines
       7.2.2 Telecommunication equipment
   7.3 Member Infrastructure
       7.3.1 Telecommunication lines and equipment
       7.3.2 Access servers
   7.4 Corporate services
8. Environment and physical installations
9. Training Plan and Continuity Tests
10. Continuity Plans Revision
11. Audit plans
Annex I. Options of redundancy in member infrastructure

1. Introduction

According to current regulations, this Business Continuity Policy has been approved by the BME Clearing board meeting held on 26 February 2014. The CEO is responsible for the general coordination of Business Continuity.

Our company has three locations, two in Madrid and the other in Barcelona. In the preparation of the BCP, every effort has been made to provide those centres with the necessary capacity and resources so that in the event of a disaster in one centre the majority of functions can be assumed from another one.

This document describes the main areas of the plan, providing an overview of the strategies used to achieve the continuity of services. It does not contain personal details of the employees or specific names of resources.

2. General goals of the Continuity Policy

The global objectives of the Business Continuity Policy at BME Clearing are:

- Ensure the safety and physical integrity of the employees.
- Minimise the impact of the emergency situation on the service to our members and clients.
- Faced with a disaster situation in either of the two central locations, obtain a rapid recovery of the critical services in the other location.
- Whenever viable, protect the equipment and other partially damaged or undamaged assets from greater harm.
- Return to normal operations in the affected location once the disaster situation has been dealt with.
- Achieve effective communication both in the procedure of notifying its employees and in notifying clients and members.
- Comply with the requirements of current legislation.

3. Scope of BME CLEARING's Business Continuity Policy

The main business processes at BME Clearing are Margin Management and Daily Settlements. For both processes, BME Clearing analyses the risks, including their impact and probability. The result of the corresponding Business Impact Analysis is a key element in developing the specific Recovery Plans of the company.

The Business Continuity Policy includes actions and procedures defined in detail in the specific recovery plans for the areas of the company. For each of these areas there is a plan manager and one or more recovery plans. The areas covered in this document are:

Area                                                                Responsible
Clearing Services                                                   COO
Information Technology Infrastructures of the Clearing Department   UNIX Systems Responsible
Environment and Physical installations                              General Services Manager - Maintenance

Some of the backup capacities envisaged are automatic, whilst others require manual intervention. In the latter case, minimising the time without service is an essential aim of the plan.

Several disaster situations are considered. For each scenario the triggering events are defined, as well as specific protection actions and measures for each level. When defining the emergency situations we have also taken into consideration the time period in which the contingency occurs.

4. Recovery strategies

The recovery strategies at BME Clearing include:

- Alternative premises in the same geographical area, immediately accessible.
- Diversified Data Processing Centers, located in zones with different geographical risk profiles, supporting the recovery of all critical infrastructures and services in an objective time of 15 minutes, and always under 4h as required by the corresponding regulations.
- Remote access for most of the staff.
- Personnel trained in critical business tasks.

5. Distribution of backup capacities

The central systems are replicated in two locations, Barcelona and Madrid, which are separated by more than 500 kilometres. Other, less critical systems are replicated in two locations in the Madrid area, separated by 15 kilometres.

The following table displays the distribution of the back-up capacity and the roles of each location under normal conditions, as well as the RPO (Recovery Point Objective) and RTO (Recovery Time Objective):

Service                                                                Barcelona      Madrid_1  Madrid_2       RPO   RTO
Service of access point (communications with clients and members)     Active         Active    Active         T     Immediate
Clearing Application Services                                          Passive        Active    Not available  T     15 min (<4h)
Simulation Environment                                                 Not available  Active    Not available  -     -
Corporate Services                                                     Not available  Active    Passive        T     4h
Web Services                                                           Not available  Active    Passive        T     4h
Technical Support (Technical Service Helpdesk)                         Not available  Active    Passive        T     2h
Clearing Support (Clearing Service Helpdesk)                           Active         Active    Not available  -     -
Development of Applications Department                                 Active         Passive   Not available  D-1   1 day

In the above context, the term passive means that in normal conditions functionality is not implemented but the necessary infrastructure is in place for it to be implemented in the case of disaster.

In the cases where the role of several centres is active, the capacity exists for automatic recovery in case of disaster. For the other services, a situation of disaster would imply a period without service during which actions would be carried out until operations have been re-established.

6. Clearing Services

The contingency plan for the Clearing services is conceived so that, in the case of disaster in BME CLEARING's main location, the critical functions can be performed from the passive location during the period required to get back to normal. The transfer of personnel from one centre to the other is envisaged if required.

6.1 Functions supported

- Confirmation of margins
- Communication with Banco de España
- Management of daily risk in real time
- Management of transfers
- Consultation of clearing from previous day
- Management of expirations (deliveries)
- Management of splits
- Telephonic technical support

The plan includes an inventory of technical equipment (hardware, applications and data) which has been duplicated in another location. In addition, it defines the tasks and the frequency with which they must be executed for the plan to function correctly.

The plan is reviewed each year. It is updated whenever a service is added or modified.

7. Clearing Information Technology Infrastructure

The recovery plan for Clearing Information Technology covers the procedures of supervision, detection, notification, restoration and reestablishment after a disaster situation arises that can have an impact on hardware, telecommunication services and critical applications. As part of the program, training of the technicians who manage the lines and communication equipment, the security systems and market applications has also been included.

As a general criterion, duplication of all elements is sought to avoid single points of failure, be it in the Member installations, in the access points or in the central locations.
The most important components to protect, and the mechanisms that would be implemented in the case of partial or complete disaster, are listed below:

7.1 Central system infrastructure

In the central installations automatic redundancy has been configured taking advantage of the duplication of equipment, in many cases with high availability configurations.

7.1.1 Clearing machines and application

The hardware on which the clearing application runs is made up of the clearing system hosts, the disk arrays and the removable storage units. The disk arrays are configured for fault tolerance and maximum access speed using RAID 5. At the Madrid site there are two of these machines with a local replication mechanism.

In a normal state, the clearing application that runs on the machines in Madrid has the active role. The Barcelona machine is passive.

Clearing information is stored in a database on a cluster in Madrid. An additional hot-standby replica of the database is located in Barcelona.

7.1.2 Telecommunication and security equipment

Switches, routers and central firewalls. Systems are duplicated on site and equipped with options of automatic redundancy, with additional backup at the other geographical location. The failure of an individual component would be completely transparent for the services. A contingency situation in one of the locations would trigger the switch to the equipment of the other central site.

7.1.3 Central communication servers

These are the communication servers for systems used by members, quote vendors and internal personnel of the clearing support department. They have redundant connections with the clearing machines at both geographical locations, and are able to switch from one to the other in the event of a hardware failure.

7.2 Access point infrastructure

There are two access points in each one of the following cities: Barcelona, Bilbao, Madrid. One of the nodes in Barcelona and one of the nodes in Madrid are located at the sites of the central hosts.

7.2.1 Telecommunication lines

The two nodes in each city are interconnected. They are also connected with one of the nodes in Madrid, so that there are always two paths from any node to the central hosts. The telecommunication providers have been combined in order to avoid dependence on a single provider for both paths.

7.2.2 Telecommunication equipment

The routers use redundancy mechanisms based on HSRP whereby, should a fault occur in one of them, the other will take over the former's functions to ensure continuity of service.

Switches are also replicated. The connections of access servers to the switches are distributed so that the failure of one of the switches does not have a severe impact on the service, as the servers connected to the other continue to function normally.

Each member is assigned several access servers for third-party applications (API GATE) in different access points. The client application can implement automatic switchover mechanisms in case of problems accessing a node.
7.3 Member Infrastructure

The components of the standard Member installation are duplicated, whereby in the event of failure of any device or line the Member can continue the operation without the need for intervention.

7.3.1 Telecommunication lines and equipment

Two telecommunication lines are connected to two different access points and are contracted using distinct service providers whenever possible. Each line is connected to one of the routers. The routing protocol is configured so that line failures are resolved automatically.

Switches and routers at the members' sites have the same redundancy options as an access node.

7.3.2 Access servers

The Access communications server establishes a TCP/IP connection with the access points, through which it exchanges messages with the central systems. The Access server maintains a list of access points with a connection preference associated with each one. The software of this communications server has the capacity to detect connection problems with its main access point and, if necessary, use the next access point on its list.

7.4 Corporate services

In the context of this document, corporate services are those which, although they cannot be classified as extremely critical for the operation of the Clearing processes, could have an impact on the efficient response of employees to Members and clients if they were affected. Examples of these services would be:

- E-mail system
- Antivirus systems
- Access to corporate file servers
- Access to Internet navigation
- Access to databases and corporate programs
- Internal computer services: DNS, DHCP, Intranet

The corporate network of BME has a single internal domain with various servers that act as domain controllers (DCs) and which are found in the central sites. The domain services like the Active Directory, DNS, DHCP and WEB are also distributed.

The Contingency Plan for corporate services contains the events and conditions of failure that would trigger the procedures of actions under the specific continuity plan for this area, as well as information on the employees assigned management functions and responsible for activating the recovery program.

8. Environment and physical installations

The facilities security group maintains the Emergency and Evacuation Plan and manages the technical means necessary to detect a disaster situation.

The staff in charge of Facilities Security maintain the procedures describing the actions to be taken in case of a disaster situation, including the mechanisms for notifying the other plan managers and the links with the public authorities (police, fire service and local government).

9. Training Plan and Continuity Tests

Conducting regular continuity tests helps ensure that the contingency plans are updated and effective whilst ensuring that all members of the recovery team are familiar with the plans.

The testing program sets out how and when to test each element of the plan. Training in continuity procedures and execution of continuity tests follow these criteria:

- The staff must be appropriately trained before executing the tests.
- Staff should rotate so that all members of the departments involved participate in the tests.
- Contingency tests cannot put at risk the normal operation of the systems.
- There will be a documented Contingency Test Plan.
- The contingency tests will be done at least once a year for all elements supporting critical business components.
- The test results will be appropriately documented.

The test program covers the following:

- Individual components. They are tested with greater frequency. Examples: Electrical systems, central firewall equipment.
- Simulations to train personnel that manage the crisis in their respective roles.
- Tests of resources and service providers. Example: Tests with telecommunication lines.

10. Continuity Plans Revision

The continuity plan in BME CLEARING is a continuous process that develops with the introduction of new technologies, the results of disaster simulations, the experience of its technical personnel and management, and through the on-going training of employees involved in the plan.

The plans must be reviewed:

- Every time there is a significant change in any of the Business Critical Services.
- When new risks are identified in the Business Impact Analysis.
- At least once a year a review of the recovery plans will be performed.
- After Continuity Plan audits, in case there are recommendations.

The person responsible for the plan will report to the CEO any revision made to the plans.

11. Audit plans

The administrative aspects of the processes included in BME CLEARING'S BCP, such as the structure, content, measures and the documentation concerning control procedures, are audited each year. These reviews are carried out by an independent firm.

Annex I. Options of redundancy in member infrastructure

[Diagram: Member Site 1 (Member Network and MEFF Network at Member Premises: Exchange Clients, Ethernet links, Router A and Router B sharing an HSRP virtual IP address, leased lines) connected to Access Point 1 at MEFF Site 1 (Access Point Server 1 (APS 1), Backend Access Server 1 (BAS 1); preferred: BAS 1, backup: BAS 2) and to Access Point 2 at MEFF Site 2 (Access Point Server 2 (APS 2), Backend Access Server 2 (BAS 2); preferred: BAS 2, backup: BAS 1). The numbers 1 to 7 in the diagram refer to the notes below.]

1. Redundant links with the Member network and only one virtual IP address as port of link to the MEFF network
2. Routers duplicated
3. Lines duplicated, different suppliers and connected to different access points
4. Line between access points allows communication with the backup central system in the case of failure on the line that connects with the main centre
5. The Exchange Clients in Member installation can connect to any of the servers of the access points
6. The Back-end servers are replicated in separate central sites
7. Duplicated high speed lines provided by different suppliers between the central sites.