IDRBT BCP 240104.pdf
IDRBT BCP 240104.pdf
IDRBT BCP 240104.pdf
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
BUSINESS CONTINUITY PLANNING (<strong>BCP</strong>)<br />
NSE Case Study<br />
NSE.IT Limited<br />
C.Kajwadkar<br />
January 24, 2004<br />
© Confidential<br />
© Confidential
Agenda<br />
•About NSE.IT<br />
• Need for <strong>BCP</strong><br />
• <strong>BCP</strong> @ NSE<br />
© Confidential
NSE.IT – Profile<br />
• Formed in October 1999<br />
• 100% subsidiary of the National Stock Exchange of India<br />
Ltd.,<br />
• Provides all IT services including <strong>BCP</strong> to NSE<br />
• Products /Services to External Customers for :<br />
– Front- office s/w for Brokerage firms<br />
– IT infrastructure<br />
– Turnkey Projects<br />
–<strong>BCP</strong><br />
– Extensive experience on major Hardware and Software<br />
Platforms<br />
© Confidential
NSE.IT – Key Customers<br />
• National Stock Exchange<br />
– All IT services<br />
– S/W development<br />
– IT Infrastructure<br />
– Telecom . LAN /WAN / Sys admin / DBA<br />
–<strong>BCP</strong><br />
• Union Bank of India:<br />
– Data Center Development<br />
© Confidential
NSE.IT – Key Customers<br />
• Clearing Corporation of India Limited:<br />
– IT infrastructure consultancy<br />
– Facilities management<br />
– Web site development & maintenance<br />
–<strong>BCP</strong><br />
• Bharat Petroleum Corporation Limited<br />
– <strong>BCP</strong> for SAP R/3<br />
• IDBI Capital Market Services<br />
– Turnkey projects, Risk management<br />
•NCDEX<br />
© Confidential
Need for A Business Continuity Plan<br />
‣ Ability to serve customers<br />
‣ Avoidance of Direct /Indirect losses<br />
‣ Ever Increasing reliance on Information<br />
Technology<br />
‣ Continuity in business operations<br />
© Confidential
Definition<br />
DISASTER IS AN EVENT WHICH CAUSES<br />
UNACCEPTABLE DISRUPTION OF BUSINESS<br />
OPERATIONS FOR AN UNACCEPTABLE PERIOD<br />
OF TIME.<br />
© Confidential
Risks : Relative Outages<br />
Power Outage<br />
25%<br />
Other<br />
2%<br />
Software Error<br />
5%<br />
Service Failure<br />
1%<br />
Hardware Error<br />
8%<br />
Human Error<br />
2%<br />
Flood<br />
10%<br />
Burst Water Pipe<br />
1%<br />
Bombing<br />
7%<br />
Network Outage<br />
2%<br />
Employee Sabotage<br />
3%<br />
Power Surgef Spike<br />
3%<br />
Hurricane<br />
6%<br />
Fire<br />
8%<br />
Earthquake<br />
6%<br />
Storm Damage<br />
11%<br />
© Confidential
… Biggest Risk<br />
THE BIGGEST SINGLE RISK TO BUSINESS<br />
CONTINUITY IS THE LACK OF CONVICTION THAT<br />
A RISK ACTUALLY EXISTS<br />
IT’LL NEVER<br />
HAPPEN TO ME !!!<br />
© Confidential
System Failure causing long term problems<br />
Lost Productivity<br />
88.9%<br />
Significant Long Term Problems<br />
End - user managemnt<br />
dissatisfaction<br />
Customer dissatisfaction<br />
Overtime<br />
Lost revenues<br />
Lost transactions<br />
Lost customers<br />
Penalties or fines<br />
7.6%<br />
23.1%<br />
34.4%<br />
41.8%<br />
59.3%<br />
66.9%<br />
87.1%<br />
Other<br />
0.9%<br />
0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% 80.0% 90.0% 100.0<br />
Percentage<br />
%<br />
Percentage<br />
© Confidential
© Confidential<br />
Computer down - time cost ($ per occurance)<br />
451<br />
412<br />
354<br />
263<br />
145<br />
Securities<br />
Manufacturing<br />
Banking<br />
140<br />
106<br />
330<br />
Retail<br />
Insurance<br />
All industry average<br />
0 100 200 300 400 500<br />
$Thousands<br />
Telecommunications<br />
Travel / Transportation<br />
Companies
Technology<br />
Strategic Risk Management Plan<br />
Crisis Management<br />
Strategic<br />
Approach<br />
Bus. Units Bus. Units Bus. Units Bus. Units Bus. Units<br />
Cause<br />
Clients and<br />
Others<br />
Competitive<br />
Environment<br />
Economic<br />
Cycle<br />
Information<br />
Natural<br />
Disaster<br />
Personnel<br />
Policy/<br />
Methodology<br />
Regulatory<br />
Political<br />
Reputation<br />
Brand<br />
Suppliers<br />
Replacement Cost Legal Regulatory<br />
Business Reputation Business Interruption<br />
Consequence<br />
Risk Mitigation Options<br />
Risk Responses (monitor & maintain)<br />
Risk<br />
Mitigation<br />
Business Continuity Responses<br />
© Confidential
Life Cycle of Business Continuity Plan<br />
Revisions &<br />
Modifications<br />
Plan Maintenance<br />
Business<br />
Impact<br />
Analysis<br />
Strategy<br />
Selection<br />
Detailed<br />
Plan<br />
Testing<br />
Stage 1 Stage 2 Stage 3<br />
© Confidential
Business Recovery Team Organization<br />
Business Recovery Team<br />
Administrative Team Technical Team Department Teams<br />
Insurance<br />
Transport<br />
Public Relations<br />
Personnel<br />
Legal<br />
Procurement<br />
Office Facilities<br />
Premises<br />
Hardware<br />
Software<br />
Communications<br />
Peripherals<br />
Cabling<br />
Department<br />
Department Plan<br />
Department Plan<br />
Plan<br />
© Confidential
A Case Study<br />
<strong>BCP</strong> @ NSE<br />
© Confidential
NSE : A TYPICAL BUSINESS DAY<br />
HEALTH CHECKS<br />
BACK UPS<br />
TRADING<br />
REPORTS<br />
CLEARING & SETTLEMENT<br />
© Confidential
HUB<br />
ANTENNA<br />
INSAT –3B<br />
Mainframe<br />
© Confidential
IT- INFRASTRUCTURE<br />
Trading Model<br />
INSAT - 3B<br />
Extend. C-Band<br />
16 th Transponder<br />
( 6857 - 6875 Mhz)<br />
512kbps<br />
76.8 Kbps<br />
ODU<br />
(Out Door Unit)<br />
LNBC<br />
(Low Noise Block Converter)<br />
ODU<br />
RFT<br />
Radio Frequency<br />
Transmission)<br />
X.25<br />
Cloud<br />
IFL Cables<br />
HOST<br />
Trader Worker Station<br />
© Confidential<br />
IDU<br />
VSAT HUB<br />
STRATUS
POST TRADE : BUSINESS CYCLE<br />
NSE<br />
NSCCL<br />
CLEARING<br />
BANKS<br />
DEPOSITORIES<br />
CLEARING MEMBERS /<br />
CUSTODIANS<br />
© Confidential
Clearing Banks<br />
Custodians<br />
INSAT - 3B<br />
National<br />
Depository<br />
N S E N E T<br />
NSE Regional Clearing House<br />
DELHI/CHENNAI/CALCUTTA<br />
FUNDS & SECURITIES<br />
• Obligations<br />
• Deliveries<br />
Extranet<br />
Clearing<br />
Front End<br />
(Gupta SQL)<br />
• 120 Screens<br />
• 160 Reports<br />
• 120 Batch Routine<br />
Near 1 m LOC<br />
• Total 1.5 TB of<br />
Database<br />
NCSS Production<br />
DEC<br />
ALPHA<br />
UNIX<br />
+<br />
ORACLE 8i<br />
POST-TRADE<br />
DEC<br />
ALPHA<br />
UNIX<br />
+<br />
ORACLE 8i<br />
DEC<br />
ALPHA<br />
UNIX<br />
+<br />
ORACLE 8i<br />
H P<br />
9000<br />
Listing Database<br />
LOTUS NOTES<br />
SERVER<br />
STRATUS<br />
INTERNET/<br />
WEB SERVER<br />
Online Surveillance System<br />
3 Com E/NET SWITCH<br />
AND LAN HUBS<br />
Trading System<br />
© Confidential
KEY IT APPLICATION<br />
‣ Trading<br />
‣ Clearing and settlement<br />
‣ Membership<br />
‣ Listing<br />
‣ Surveillance<br />
‣ Position Monitoring<br />
‣ Risk Management<br />
‣ Data Warehouse<br />
‣ Extranet<br />
‣ On Line Certification (NCFM)<br />
© Confidential
Server<br />
Server<br />
Server<br />
Server<br />
Technology behind NSE<br />
DTU<br />
CTCL Setup<br />
CUSTODIANS<br />
CLRG. BANK<br />
INFO VENDORS<br />
64 Kbps<br />
Leased<br />
Line<br />
NSE-NET<br />
NET<br />
INSAT-3B<br />
VSAT<br />
REGIONAL CLRNG.<br />
HOUSES<br />
DISASTER<br />
DISASTER<br />
BACKUP BACKUP<br />
SITE SITE<br />
IVR<br />
System<br />
HELP DESK<br />
Codex<br />
Modems<br />
Newbridge<br />
2Mbps Muxes<br />
HUB ANTENNA<br />
(7.1 mtrs.)<br />
NMS<br />
GE SPACENET<br />
HUB PROC.<br />
TRADER<br />
WORK STNS<br />
(TWS)<br />
WDM<br />
IDU<br />
NSE CORP.<br />
NSE CORP.<br />
N/W<br />
N/W<br />
EICON X.25<br />
Server<br />
NSE<br />
CMOFFICES<br />
DEPOSITORY<br />
DEPOSITORY<br />
X.25<br />
Switches<br />
(Motorola)<br />
TRADING FACILITY<br />
AT NSE<br />
EICON X.25 Server<br />
LOTUS NOTES<br />
SERVER<br />
INTERNET/<br />
WEB SERVER<br />
3 Com E/NET SWITCH<br />
AND LAN HUBS<br />
&<br />
NSCCL<br />
NSCCL<br />
© Confidential<br />
© Confidential<br />
HP-9000 (K 400)<br />
BACK OFFICE<br />
SYSTEM<br />
PRODN. HOT DEVPT. HISTORY<br />
SURVEILLANCE<br />
STANDBY<br />
SYSTEM<br />
DEC-ALPHA<br />
CLEARING & SETTLEMENT SYSTEMS<br />
STRATUS<br />
Prodn.<br />
&<br />
Devpt.
NSE NETWORK SPREAD<br />
• No. of Cities 360<br />
• No. of VSATs 2900<br />
• Leased Lines 952<br />
© Confidential
NSE MARKET SEGMENTS<br />
• CAPITAL MARKET<br />
• DERIVATIVES<br />
-Index Futures<br />
-Index Option<br />
-Stock Futures<br />
-Stock Option<br />
• WHOLESALE DEBT MARKET (WDM)<br />
© Confidential
NSE TODAY<br />
‣ DAILY AVERAGE TURNOVER (Rs.Crores)<br />
CAPITAL MARKET – Rs.5000<br />
DERIVATIVES - Rs.10000<br />
WDM - RS.3500<br />
© Confidential
NSE TODAY<br />
‣ AVERAGE NUMBER OF CONCURRENT<br />
USERS IN SYSTEM<br />
• Capital market 8000<br />
• Derivatives 4000<br />
© Confidential
IMPACT OF DISASTER AT NSE<br />
TANGIBLE<br />
‣ Loss of turnover fees<br />
‣ Loss of brokerage charges to brokers<br />
‣ Loss of earnings for<br />
• Clearing Corporation<br />
• Depositories<br />
• Custodians<br />
• Clearing Banks<br />
‣ Legal Liability<br />
© Confidential
IMPACT OF DISASTER AT NSE<br />
INTANGIBLE<br />
‣ Unpredictable recovery time<br />
‣ Chaotic recovery operations<br />
‣ Loss of image of organization<br />
‣ Loss of image for Indian Securities Industry<br />
‣ Increase in apprehensions of Global Investors<br />
‣ Loss of image of country<br />
© Confidential
<strong>BCP</strong> AT NSE<br />
KICK START<br />
‣ Clarity at top management for need<br />
‣ Organisation wide commitment towards<br />
objective of the Exchange<br />
‣ The FIRE project<br />
© Confidential
NSE OBJECTIVES OF <strong>BCP</strong><br />
‣ Establish a framework to develop a<br />
Business Continuity Plan.<br />
‣ Develop a cost effective and operable<br />
recovery plan<br />
‣ Minimize the impact of a disaster on an<br />
organization<br />
© Confidential
NSE : APPROACH FOR <strong>BCP</strong><br />
‣ Build <strong>BCP</strong> ; not DR<br />
‣ Develop DR site with Redundant systems<br />
‣ Follow <strong>BCP</strong> Life – Cycle<br />
‣ Emphasis on P-D-C-A<br />
© Confidential
MAJOR DECISION POINTS<br />
‣ Location at DR Site<br />
‣ Strategy<br />
– Replication of Systems<br />
– Replication of Data<br />
‣ Maximum Recovery Time for operations<br />
‣ Minimum Critical Resources<br />
© Confidential
PARAMETERS FOR LOCATION OF DR<br />
SITE<br />
‣ Different city<br />
‣ SACFA (Standing Advisory Committee for Radio-<br />
Frequency Allocation) approved<br />
‣ Easily linkable to main site via a high speed<br />
data link (optical fibre) for online-real time<br />
connectivity<br />
‣ Easily and quickly reachable from Mumbai (well<br />
connected by road/rail/air)<br />
‣ Protected from natural calamities.<br />
© Confidential
PROJECT IMPLEMENTATION<br />
‣ Development of DR Site<br />
‣ Team Plans<br />
‣ Test Plans<br />
‣ Phasing of Testing<br />
• Segment –wise<br />
• Application- wise<br />
‣ Internal mock<br />
‣ External Mock<br />
‣ Live Operation<br />
© Confidential
PROJECT IMPLEMENTATION CONT’D<br />
‣ Development of DR Site<br />
• Data Centre<br />
• Utilities UPS/AC/ DG<br />
• Hardware ; Stratus ,UNIX, Intel Servers , PC<br />
• Network; LAN, VSAT HUB, VOICE<br />
• OS/Applications/Databases<br />
• System Level Testing<br />
• Data Replication<br />
• Tape Backups at DR Site<br />
© Confidential
PROJECT IMPELMENTATION CONT’D<br />
‣ Team & Test Plan- Template based, review<br />
process<br />
‣ Testing<br />
• Over the network<br />
• On Site /Phased/ Segmented<br />
• Integrated for a given business cycle<br />
• Involve regional offices, select brokers<br />
• Involve intermediaries<br />
‣ Mock - Two Mock Sessions for each segment<br />
‣ Live - Advance intimation to brokers / regulator<br />
© Confidential
DRILL - THRILLS<br />
MONDAY - FRIDAY<br />
MUMBAI<br />
SUNDAY<br />
MUMBAI<br />
SATURDAY<br />
DR site<br />
© Confidential
<strong>BCP</strong> MAINTENANCE ISSUES<br />
‣ DR Site Maintenance<br />
• AMC / Licensing/Regulatory Clearances<br />
• Data replication: Automation/Refinements<br />
• Staffing/Multi skilling<br />
• Discipline for release of application roll outs<br />
• <strong>BCP</strong> for new systems rolled out at primary site<br />
• Plan updation<br />
• Changes in departmental teams<br />
© Confidential
NSE : <strong>BCP</strong> CURRENT STATUS<br />
‣ DR Site moved to Chennai<br />
‣ Site developed completely<br />
‣ Special arrangements for testing of Site<br />
from Mumbai<br />
‣ Site is Live<br />
© Confidential
Case Studies at www.nseit.biz<br />
• NSE<br />
• CCIL<br />
• BPCL<br />
<strong>BCP</strong> Related web sites<br />
• www.drj.com<br />
• www.drii.org<br />
• www.contingencyplanning.com<br />
© Confidential
Offering in Certifications in <strong>BCP</strong><br />
• DRI International – USA<br />
• Associate, Certified & Master <strong>BCP</strong><br />
www.drii.org<br />
• Business Continuity Institute – UK<br />
• Associate, member & fellow BCI<br />
thebci.org<br />
© Confidential
My contact<br />
ckajwadkar@nseit.biz<br />
© Confidential
© Confidential<br />
Q & A
© Confidential<br />
THANK YOU