21.01.2014 Views

IDRBT BCP 240104.pdf

IDRBT BCP 240104.pdf

IDRBT BCP 240104.pdf

SHOW MORE
SHOW LESS

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

BUSINESS CONTINUITY PLANNING (<strong>BCP</strong>)<br />

NSE Case Study<br />

NSE.IT Limited<br />

C.Kajwadkar<br />

January 24, 2004<br />

© Confidential<br />

© Confidential


Agenda<br />

•About NSE.IT<br />

• Need for <strong>BCP</strong><br />

• <strong>BCP</strong> @ NSE<br />

© Confidential


NSE.IT – Profile<br />

• Formed in October 1999<br />

• 100% subsidiary of the National Stock Exchange of India<br />

Ltd.,<br />

• Provides all IT services including <strong>BCP</strong> to NSE<br />

• Products /Services to External Customers for :<br />

– Front- office s/w for Brokerage firms<br />

– IT infrastructure<br />

– Turnkey Projects<br />

–<strong>BCP</strong><br />

– Extensive experience on major Hardware and Software<br />

Platforms<br />

© Confidential


NSE.IT – Key Customers<br />

• National Stock Exchange<br />

– All IT services<br />

– S/W development<br />

– IT Infrastructure<br />

– Telecom . LAN /WAN / Sys admin / DBA<br />

–<strong>BCP</strong><br />

• Union Bank of India:<br />

– Data Center Development<br />

© Confidential


NSE.IT – Key Customers<br />

• Clearing Corporation of India Limited:<br />

– IT infrastructure consultancy<br />

– Facilities management<br />

– Web site development & maintenance<br />

–<strong>BCP</strong><br />

• Bharat Petroleum Corporation Limited<br />

– <strong>BCP</strong> for SAP R/3<br />

• IDBI Capital Market Services<br />

– Turnkey projects, Risk management<br />

•NCDEX<br />

© Confidential


Need for A Business Continuity Plan<br />

‣ Ability to serve customers<br />

‣ Avoidance of Direct /Indirect losses<br />

‣ Ever Increasing reliance on Information<br />

Technology<br />

‣ Continuity in business operations<br />

© Confidential


Definition<br />

DISASTER IS AN EVENT WHICH CAUSES<br />

UNACCEPTABLE DISRUPTION OF BUSINESS<br />

OPERATIONS FOR AN UNACCEPTABLE PERIOD<br />

OF TIME.<br />

© Confidential


Risks : Relative Outages<br />

Power Outage<br />

25%<br />

Other<br />

2%<br />

Software Error<br />

5%<br />

Service Failure<br />

1%<br />

Hardware Error<br />

8%<br />

Human Error<br />

2%<br />

Flood<br />

10%<br />

Burst Water Pipe<br />

1%<br />

Bombing<br />

7%<br />

Network Outage<br />

2%<br />

Employee Sabotage<br />

3%<br />

Power Surgef Spike<br />

3%<br />

Hurricane<br />

6%<br />

Fire<br />

8%<br />

Earthquake<br />

6%<br />

Storm Damage<br />

11%<br />

© Confidential


… Biggest Risk<br />

THE BIGGEST SINGLE RISK TO BUSINESS<br />

CONTINUITY IS THE LACK OF CONVICTION THAT<br />

A RISK ACTUALLY EXISTS<br />

IT’LL NEVER<br />

HAPPEN TO ME !!!<br />

© Confidential


System Failure causing long term problems<br />

Lost Productivity<br />

88.9%<br />

Significant Long Term Problems<br />

End - user managemnt<br />

dissatisfaction<br />

Customer dissatisfaction<br />

Overtime<br />

Lost revenues<br />

Lost transactions<br />

Lost customers<br />

Penalties or fines<br />

7.6%<br />

23.1%<br />

34.4%<br />

41.8%<br />

59.3%<br />

66.9%<br />

87.1%<br />

Other<br />

0.9%<br />

0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% 80.0% 90.0% 100.0<br />

Percentage<br />

%<br />

Percentage<br />

© Confidential


© Confidential<br />

Computer down - time cost ($ per occurance)<br />

451<br />

412<br />

354<br />

263<br />

145<br />

Securities<br />

Manufacturing<br />

Banking<br />

140<br />

106<br />

330<br />

Retail<br />

Insurance<br />

All industry average<br />

0 100 200 300 400 500<br />

$Thousands<br />

Telecommunications<br />

Travel / Transportation<br />

Companies


Technology<br />

Strategic Risk Management Plan<br />

Crisis Management<br />

Strategic<br />

Approach<br />

Bus. Units Bus. Units Bus. Units Bus. Units Bus. Units<br />

Cause<br />

Clients and<br />

Others<br />

Competitive<br />

Environment<br />

Economic<br />

Cycle<br />

Information<br />

Natural<br />

Disaster<br />

Personnel<br />

Policy/<br />

Methodology<br />

Regulatory<br />

Political<br />

Reputation<br />

Brand<br />

Suppliers<br />

Replacement Cost Legal Regulatory<br />

Business Reputation Business Interruption<br />

Consequence<br />

Risk Mitigation Options<br />

Risk Responses (monitor & maintain)<br />

Risk<br />

Mitigation<br />

Business Continuity Responses<br />

© Confidential


Life Cycle of Business Continuity Plan<br />

Revisions &<br />

Modifications<br />

Plan Maintenance<br />

Business<br />

Impact<br />

Analysis<br />

Strategy<br />

Selection<br />

Detailed<br />

Plan<br />

Testing<br />

Stage 1 Stage 2 Stage 3<br />

© Confidential


Business Recovery Team Organization<br />

Business Recovery Team<br />

Administrative Team Technical Team Department Teams<br />

Insurance<br />

Transport<br />

Public Relations<br />

Personnel<br />

Legal<br />

Procurement<br />

Office Facilities<br />

Premises<br />

Hardware<br />

Software<br />

Communications<br />

Peripherals<br />

Cabling<br />

Department<br />

Department Plan<br />

Department Plan<br />

Plan<br />

© Confidential


A Case Study<br />

<strong>BCP</strong> @ NSE<br />

© Confidential


NSE : A TYPICAL BUSINESS DAY<br />

HEALTH CHECKS<br />

BACK UPS<br />

TRADING<br />

REPORTS<br />

CLEARING & SETTLEMENT<br />

© Confidential


HUB<br />

ANTENNA<br />

INSAT –3B<br />

Mainframe<br />

© Confidential


IT- INFRASTRUCTURE<br />

Trading Model<br />

INSAT - 3B<br />

Extend. C-Band<br />

16 th Transponder<br />

( 6857 - 6875 Mhz)<br />

512kbps<br />

76.8 Kbps<br />

ODU<br />

(Out Door Unit)<br />

LNBC<br />

(Low Noise Block Converter)<br />

ODU<br />

RFT<br />

Radio Frequency<br />

Transmission)<br />

X.25<br />

Cloud<br />

IFL Cables<br />

HOST<br />

Trader Worker Station<br />

© Confidential<br />

IDU<br />

VSAT HUB<br />

STRATUS


POST TRADE : BUSINESS CYCLE<br />

NSE<br />

NSCCL<br />

CLEARING<br />

BANKS<br />

DEPOSITORIES<br />

CLEARING MEMBERS /<br />

CUSTODIANS<br />

© Confidential


Clearing Banks<br />

Custodians<br />

INSAT - 3B<br />

National<br />

Depository<br />

N S E N E T<br />

NSE Regional Clearing House<br />

DELHI/CHENNAI/CALCUTTA<br />

FUNDS & SECURITIES<br />

• Obligations<br />

• Deliveries<br />

Extranet<br />

Clearing<br />

Front End<br />

(Gupta SQL)<br />

• 120 Screens<br />

• 160 Reports<br />

• 120 Batch Routine<br />

Near 1 m LOC<br />

• Total 1.5 TB of<br />

Database<br />

NCSS Production<br />

DEC<br />

ALPHA<br />

UNIX<br />

+<br />

ORACLE 8i<br />

POST-TRADE<br />

DEC<br />

ALPHA<br />

UNIX<br />

+<br />

ORACLE 8i<br />

DEC<br />

ALPHA<br />

UNIX<br />

+<br />

ORACLE 8i<br />

H P<br />

9000<br />

Listing Database<br />

LOTUS NOTES<br />

SERVER<br />

STRATUS<br />

INTERNET/<br />

WEB SERVER<br />

Online Surveillance System<br />

3 Com E/NET SWITCH<br />

AND LAN HUBS<br />

Trading System<br />

© Confidential


KEY IT APPLICATION<br />

‣ Trading<br />

‣ Clearing and settlement<br />

‣ Membership<br />

‣ Listing<br />

‣ Surveillance<br />

‣ Position Monitoring<br />

‣ Risk Management<br />

‣ Data Warehouse<br />

‣ Extranet<br />

‣ On Line Certification (NCFM)<br />

© Confidential


Server<br />

Server<br />

Server<br />

Server<br />

Technology behind NSE<br />

DTU<br />

CTCL Setup<br />

CUSTODIANS<br />

CLRG. BANK<br />

INFO VENDORS<br />

64 Kbps<br />

Leased<br />

Line<br />

NSE-NET<br />

NET<br />

INSAT-3B<br />

VSAT<br />

REGIONAL CLRNG.<br />

HOUSES<br />

DISASTER<br />

DISASTER<br />

BACKUP BACKUP<br />

SITE SITE<br />

IVR<br />

System<br />

HELP DESK<br />

Codex<br />

Modems<br />

Newbridge<br />

2Mbps Muxes<br />

HUB ANTENNA<br />

(7.1 mtrs.)<br />

NMS<br />

GE SPACENET<br />

HUB PROC.<br />

TRADER<br />

WORK STNS<br />

(TWS)<br />

WDM<br />

IDU<br />

NSE CORP.<br />

NSE CORP.<br />

N/W<br />

N/W<br />

EICON X.25<br />

Server<br />

NSE<br />

CMOFFICES<br />

DEPOSITORY<br />

DEPOSITORY<br />

X.25<br />

Switches<br />

(Motorola)<br />

TRADING FACILITY<br />

AT NSE<br />

EICON X.25 Server<br />

LOTUS NOTES<br />

SERVER<br />

INTERNET/<br />

WEB SERVER<br />

3 Com E/NET SWITCH<br />

AND LAN HUBS<br />

&<br />

NSCCL<br />

NSCCL<br />

© Confidential<br />

© Confidential<br />

HP-9000 (K 400)<br />

BACK OFFICE<br />

SYSTEM<br />

PRODN. HOT DEVPT. HISTORY<br />

SURVEILLANCE<br />

STANDBY<br />

SYSTEM<br />

DEC-ALPHA<br />

CLEARING & SETTLEMENT SYSTEMS<br />

STRATUS<br />

Prodn.<br />

&<br />

Devpt.


NSE NETWORK SPREAD<br />

• No. of Cities 360<br />

• No. of VSATs 2900<br />

• Leased Lines 952<br />

© Confidential


NSE MARKET SEGMENTS<br />

• CAPITAL MARKET<br />

• DERIVATIVES<br />

-Index Futures<br />

-Index Option<br />

-Stock Futures<br />

-Stock Option<br />

• WHOLESALE DEBT MARKET (WDM)<br />

© Confidential


NSE TODAY<br />

‣ DAILY AVERAGE TURNOVER (Rs.Crores)<br />

CAPITAL MARKET – Rs.5000<br />

DERIVATIVES - Rs.10000<br />

WDM - RS.3500<br />

© Confidential


NSE TODAY<br />

‣ AVERAGE NUMBER OF CONCURRENT<br />

USERS IN SYSTEM<br />

• Capital market 8000<br />

• Derivatives 4000<br />

© Confidential


IMPACT OF DISASTER AT NSE<br />

TANGIBLE<br />

‣ Loss of turnover fees<br />

‣ Loss of brokerage charges to brokers<br />

‣ Loss of earnings for<br />

• Clearing Corporation<br />

• Depositories<br />

• Custodians<br />

• Clearing Banks<br />

‣ Legal Liability<br />

© Confidential


IMPACT OF DISASTER AT NSE<br />

INTANGIBLE<br />

‣ Unpredictable recovery time<br />

‣ Chaotic recovery operations<br />

‣ Loss of image of organization<br />

‣ Loss of image for Indian Securities Industry<br />

‣ Increase in apprehensions of Global Investors<br />

‣ Loss of image of country<br />

© Confidential


<strong>BCP</strong> AT NSE<br />

KICK START<br />

‣ Clarity at top management for need<br />

‣ Organisation wide commitment towards<br />

objective of the Exchange<br />

‣ The FIRE project<br />

© Confidential


NSE OBJECTIVES OF <strong>BCP</strong><br />

‣ Establish a framework to develop a<br />

Business Continuity Plan.<br />

‣ Develop a cost effective and operable<br />

recovery plan<br />

‣ Minimize the impact of a disaster on an<br />

organization<br />

© Confidential


NSE : APPROACH FOR <strong>BCP</strong><br />

‣ Build <strong>BCP</strong> ; not DR<br />

‣ Develop DR site with Redundant systems<br />

‣ Follow <strong>BCP</strong> Life – Cycle<br />

‣ Emphasis on P-D-C-A<br />

© Confidential


MAJOR DECISION POINTS<br />

‣ Location at DR Site<br />

‣ Strategy<br />

– Replication of Systems<br />

– Replication of Data<br />

‣ Maximum Recovery Time for operations<br />

‣ Minimum Critical Resources<br />

© Confidential


PARAMETERS FOR LOCATION OF DR<br />

SITE<br />

‣ Different city<br />

‣ SACFA (Standing Advisory Committee for Radio-<br />

Frequency Allocation) approved<br />

‣ Easily linkable to main site via a high speed<br />

data link (optical fibre) for online-real time<br />

connectivity<br />

‣ Easily and quickly reachable from Mumbai (well<br />

connected by road/rail/air)<br />

‣ Protected from natural calamities.<br />

© Confidential


PROJECT IMPLEMENTATION<br />

‣ Development of DR Site<br />

‣ Team Plans<br />

‣ Test Plans<br />

‣ Phasing of Testing<br />

• Segment –wise<br />

• Application- wise<br />

‣ Internal mock<br />

‣ External Mock<br />

‣ Live Operation<br />

© Confidential


PROJECT IMPLEMENTATION CONT’D<br />

‣ Development of DR Site<br />

• Data Centre<br />

• Utilities UPS/AC/ DG<br />

• Hardware ; Stratus ,UNIX, Intel Servers , PC<br />

• Network; LAN, VSAT HUB, VOICE<br />

• OS/Applications/Databases<br />

• System Level Testing<br />

• Data Replication<br />

• Tape Backups at DR Site<br />

© Confidential


PROJECT IMPELMENTATION CONT’D<br />

‣ Team & Test Plan- Template based, review<br />

process<br />

‣ Testing<br />

• Over the network<br />

• On Site /Phased/ Segmented<br />

• Integrated for a given business cycle<br />

• Involve regional offices, select brokers<br />

• Involve intermediaries<br />

‣ Mock - Two Mock Sessions for each segment<br />

‣ Live - Advance intimation to brokers / regulator<br />

© Confidential


DRILL - THRILLS<br />

MONDAY - FRIDAY<br />

MUMBAI<br />

SUNDAY<br />

MUMBAI<br />

SATURDAY<br />

DR site<br />

© Confidential


<strong>BCP</strong> MAINTENANCE ISSUES<br />

‣ DR Site Maintenance<br />

• AMC / Licensing/Regulatory Clearances<br />

• Data replication: Automation/Refinements<br />

• Staffing/Multi skilling<br />

• Discipline for release of application roll outs<br />

• <strong>BCP</strong> for new systems rolled out at primary site<br />

• Plan updation<br />

• Changes in departmental teams<br />

© Confidential


NSE : <strong>BCP</strong> CURRENT STATUS<br />

‣ DR Site moved to Chennai<br />

‣ Site developed completely<br />

‣ Special arrangements for testing of Site<br />

from Mumbai<br />

‣ Site is Live<br />

© Confidential


Case Studies at www.nseit.biz<br />

• NSE<br />

• CCIL<br />

• BPCL<br />

<strong>BCP</strong> Related web sites<br />

• www.drj.com<br />

• www.drii.org<br />

• www.contingencyplanning.com<br />

© Confidential


Offering in Certifications in <strong>BCP</strong><br />

• DRI International – USA<br />

• Associate, Certified & Master <strong>BCP</strong><br />

www.drii.org<br />

• Business Continuity Institute – UK<br />

• Associate, member & fellow BCI<br />

thebci.org<br />

© Confidential


My contact<br />

ckajwadkar@nseit.biz<br />

© Confidential


© Confidential<br />

Q & A


© Confidential<br />

THANK YOU

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!