IDRBT BCP 240104.pdf
IDRBT BCP 240104.pdf
IDRBT BCP 240104.pdf
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
BUSINESS CONTINUITY PLANNING (<strong>BCP</strong>)<br />
NSE Case Study<br />
NSE.IT Limited<br />
C.Kajwadkar<br />
January 24, 2004<br />
© Confidential<br />
© Confidential
Agenda<br />
•About NSE.IT<br />
• Need for <strong>BCP</strong><br />
• <strong>BCP</strong> @ NSE<br />
© Confidential
NSE.IT – Profile<br />
• Formed in October 1999<br />
• 100% subsidiary of the National Stock Exchange of India<br />
Ltd.,<br />
• Provides all IT services including <strong>BCP</strong> to NSE<br />
• Products /Services to External Customers for :<br />
– Front- office s/w for Brokerage firms<br />
– IT infrastructure<br />
– Turnkey Projects<br />
–<strong>BCP</strong><br />
– Extensive experience on major Hardware and Software<br />
Platforms<br />
© Confidential
NSE.IT – Key Customers<br />
• National Stock Exchange<br />
– All IT services<br />
– S/W development<br />
– IT Infrastructure<br />
– Telecom . LAN /WAN / Sys admin / DBA<br />
–<strong>BCP</strong><br />
• Union Bank of India:<br />
– Data Center Development<br />
© Confidential
NSE.IT – Key Customers<br />
• Clearing Corporation of India Limited:<br />
– IT infrastructure consultancy<br />
– Facilities management<br />
– Web site development & maintenance<br />
–<strong>BCP</strong><br />
• Bharat Petroleum Corporation Limited<br />
– <strong>BCP</strong> for SAP R/3<br />
• IDBI Capital Market Services<br />
– Turnkey projects, Risk management<br />
•NCDEX<br />
© Confidential
Need for A Business Continuity Plan<br />
‣ Ability to serve customers<br />
‣ Avoidance of Direct /Indirect losses<br />
‣ Ever Increasing reliance on Information<br />
Technology<br />
‣ Continuity in business operations<br />
© Confidential
Definition<br />
DISASTER IS AN EVENT WHICH CAUSES<br />
UNACCEPTABLE DISRUPTION OF BUSINESS<br />
OPERATIONS FOR AN UNACCEPTABLE PERIOD<br />
OF TIME.<br />
© Confidential
Risks : Relative Outages<br />
Power Outage<br />
25%<br />
Other<br />
2%<br />
Software Error<br />
5%<br />
Service Failure<br />
1%<br />
Hardware Error<br />
8%<br />
Human Error<br />
2%<br />
Flood<br />
10%<br />
Burst Water Pipe<br />
1%<br />
Bombing<br />
7%<br />
Network Outage<br />
2%<br />
Employee Sabotage<br />
3%<br />
Power Surgef Spike<br />
3%<br />
Hurricane<br />
6%<br />
Fire<br />
8%<br />
Earthquake<br />
6%<br />
Storm Damage<br />
11%<br />
© Confidential
… Biggest Risk<br />
THE BIGGEST SINGLE RISK TO BUSINESS<br />
CONTINUITY IS THE LACK OF CONVICTION THAT<br />
A RISK ACTUALLY EXISTS<br />
IT’LL NEVER<br />
HAPPEN TO ME !!!<br />
© Confidential
System Failure causing long term problems<br />
Lost Productivity<br />
88.9%<br />
Significant Long Term Problems<br />
End - user managemnt<br />
dissatisfaction<br />
Customer dissatisfaction<br />
Overtime<br />
Lost revenues<br />
Lost transactions<br />
Lost customers<br />
Penalties or fines<br />
7.6%<br />
23.1%<br />
34.4%<br />
41.8%<br />
59.3%<br />
66.9%<br />
87.1%<br />
Other<br />
0.9%<br />
0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% 80.0% 90.0% 100.0<br />
Percentage<br />
%<br />
Percentage<br />
© Confidential
© Confidential<br />
Computer down - time cost ($ per occurance)<br />
451<br />
412<br />
354<br />
263<br />
145<br />
Securities<br />
Manufacturing<br />
Banking<br />
140<br />
106<br />
330<br />
Retail<br />
Insurance<br />
All industry average<br />
0 100 200 300 400 500<br />
$Thousands<br />
Telecommunications<br />
Travel / Transportation<br />
Companies
Technology<br />
Strategic Risk Management Plan<br />
Crisis Management<br />
Strategic<br />
Approach<br />
Bus. Units Bus. Units Bus. Units Bus. Units Bus. Units<br />
Cause<br />
Clients and<br />
Others<br />
Competitive<br />
Environment<br />
Economic<br />
Cycle<br />
Information<br />
Natural<br />
Disaster<br />
Personnel<br />
Policy/<br />
Methodology<br />
Regulatory<br />
Political<br />
Reputation<br />
Brand<br />
Suppliers<br />
Replacement Cost Legal Regulatory<br />
Business Reputation Business Interruption<br />
Consequence<br />
Risk Mitigation Options<br />
Risk Responses (monitor & maintain)<br />
Risk<br />
Mitigation<br />
Business Continuity Responses<br />
© Confidential
Life Cycle of Business Continuity Plan<br />
Revisions &<br />
Modifications<br />
Plan Maintenance<br />
Business<br />
Impact<br />
Analysis<br />
Strategy<br />
Selection<br />
Detailed<br />
Plan<br />
Testing<br />
Stage 1 Stage 2 Stage 3<br />
© Confidential
Business Recovery Team Organization<br />
Business Recovery Team<br />
Administrative Team Technical Team Department Teams<br />
Insurance<br />
Transport<br />
Public Relations<br />
Personnel<br />
Legal<br />
Procurement<br />
Office Facilities<br />
Premises<br />
Hardware<br />
Software<br />
Communications<br />
Peripherals<br />
Cabling<br />
Department<br />
Department Plan<br />
Department Plan<br />
Plan<br />
© Confidential
A Case Study<br />
<strong>BCP</strong> @ NSE<br />
© Confidential
NSE : A TYPICAL BUSINESS DAY<br />
HEALTH CHECKS<br />
BACK UPS<br />
TRADING<br />
REPORTS<br />
CLEARING & SETTLEMENT<br />
© Confidential
HUB<br />
ANTENNA<br />
INSAT –3B<br />
Mainframe<br />
© Confidential
IT- INFRASTRUCTURE<br />
Trading Model<br />
INSAT - 3B<br />
Extend. C-Band<br />
16 th Transponder<br />
( 6857 - 6875 Mhz)<br />
512kbps<br />
76.8 Kbps<br />
ODU<br />
(Out Door Unit)<br />
LNBC<br />
(Low Noise Block Converter)<br />
ODU<br />
RFT<br />
Radio Frequency<br />
Transmission)<br />
X.25<br />
Cloud<br />
IFL Cables<br />
HOST<br />
Trader Worker Station<br />
© Confidential<br />
IDU<br />
VSAT HUB<br />
STRATUS
POST TRADE : BUSINESS CYCLE<br />
NSE<br />
NSCCL<br />
CLEARING<br />
BANKS<br />
DEPOSITORIES<br />
CLEARING MEMBERS /<br />
CUSTODIANS<br />
© Confidential
Clearing Banks<br />
Custodians<br />
INSAT - 3B<br />
National<br />
Depository<br />
N S E N E T<br />
NSE Regional Clearing House<br />
DELHI/CHENNAI/CALCUTTA<br />
FUNDS & SECURITIES<br />
• Obligations<br />
• Deliveries<br />
Extranet<br />
Clearing<br />
Front End<br />
(Gupta SQL)<br />
• 120 Screens<br />
• 160 Reports<br />
• 120 Batch Routine<br />
Near 1 m LOC<br />
• Total 1.5 TB of<br />
Database<br />
NCSS Production<br />
DEC<br />
ALPHA<br />
UNIX<br />
+<br />
ORACLE 8i<br />
POST-TRADE<br />
DEC<br />
ALPHA<br />
UNIX<br />
+<br />
ORACLE 8i<br />
DEC<br />
ALPHA<br />
UNIX<br />
+<br />
ORACLE 8i<br />
H P<br />
9000<br />
Listing Database<br />
LOTUS NOTES<br />
SERVER<br />
STRATUS<br />
INTERNET/<br />
WEB SERVER<br />
Online Surveillance System<br />
3 Com E/NET SWITCH<br />
AND LAN HUBS<br />
Trading System<br />
© Confidential
KEY IT APPLICATION<br />
‣ Trading<br />
‣ Clearing and settlement<br />
‣ Membership<br />
‣ Listing<br />
‣ Surveillance<br />
‣ Position Monitoring<br />
‣ Risk Management<br />
‣ Data Warehouse<br />
‣ Extranet<br />
‣ On Line Certification (NCFM)<br />
© Confidential
Server<br />
Server<br />
Server<br />
Server<br />
Technology behind NSE<br />
DTU<br />
CTCL Setup<br />
CUSTODIANS<br />
CLRG. BANK<br />
INFO VENDORS<br />
64 Kbps<br />
Leased<br />
Line<br />
NSE-NET<br />
NET<br />
INSAT-3B<br />
VSAT<br />
REGIONAL CLRNG.<br />
HOUSES<br />
DISASTER<br />
DISASTER<br />
BACKUP BACKUP<br />
SITE SITE<br />
IVR<br />
System<br />
HELP DESK<br />
Codex<br />
Modems<br />
Newbridge<br />
2Mbps Muxes<br />
HUB ANTENNA<br />
(7.1 mtrs.)<br />
NMS<br />
GE SPACENET<br />
HUB PROC.<br />
TRADER<br />
WORK STNS<br />
(TWS)<br />
WDM<br />
IDU<br />
NSE CORP.<br />
NSE CORP.<br />
N/W<br />
N/W<br />
EICON X.25<br />
Server<br />
NSE<br />
CMOFFICES<br />
DEPOSITORY<br />
DEPOSITORY<br />
X.25<br />
Switches<br />
(Motorola)<br />
TRADING FACILITY<br />
AT NSE<br />
EICON X.25 Server<br />
LOTUS NOTES<br />
SERVER<br />
INTERNET/<br />
WEB SERVER<br />
3 Com E/NET SWITCH<br />
AND LAN HUBS<br />
&<br />
NSCCL<br />
NSCCL<br />
© Confidential<br />
© Confidential<br />
HP-9000 (K 400)<br />
BACK OFFICE<br />
SYSTEM<br />
PRODN. HOT DEVPT. HISTORY<br />
SURVEILLANCE<br />
STANDBY<br />
SYSTEM<br />
DEC-ALPHA<br />
CLEARING & SETTLEMENT SYSTEMS<br />
STRATUS<br />
Prodn.<br />
&<br />
Devpt.
NSE NETWORK SPREAD<br />
• No. of Cities 360<br />
• No. of VSATs 2900<br />
• Leased Lines 952<br />
© Confidential
NSE MARKET SEGMENTS<br />
• CAPITAL MARKET<br />
• DERIVATIVES<br />
-Index Futures<br />
-Index Option<br />
-Stock Futures<br />
-Stock Option<br />
• WHOLESALE DEBT MARKET (WDM)<br />
© Confidential
NSE TODAY<br />
‣ DAILY AVERAGE TURNOVER (Rs.Crores)<br />
CAPITAL MARKET – Rs.5000<br />
DERIVATIVES - Rs.10000<br />
WDM - RS.3500<br />
© Confidential
NSE TODAY<br />
‣ AVERAGE NUMBER OF CONCURRENT<br />
USERS IN SYSTEM<br />
• Capital market 8000<br />
• Derivatives 4000<br />
© Confidential
IMPACT OF DISASTER AT NSE<br />
TANGIBLE<br />
‣ Loss of turnover fees<br />
‣ Loss of brokerage charges to brokers<br />
‣ Loss of earnings for<br />
• Clearing Corporation<br />
• Depositories<br />
• Custodians<br />
• Clearing Banks<br />
‣ Legal Liability<br />
© Confidential
IMPACT OF DISASTER AT NSE<br />
INTANGIBLE<br />
‣ Unpredictable recovery time<br />
‣ Chaotic recovery operations<br />
‣ Loss of image of organization<br />
‣ Loss of image for Indian Securities Industry<br />
‣ Increase in apprehensions of Global Investors<br />
‣ Loss of image of country<br />
© Confidential
<strong>BCP</strong> AT NSE<br />
KICK START<br />
‣ Clarity at top management for need<br />
‣ Organisation wide commitment towards<br />
objective of the Exchange<br />
‣ The FIRE project<br />
© Confidential
NSE OBJECTIVES OF <strong>BCP</strong><br />
‣ Establish a framework to develop a<br />
Business Continuity Plan.<br />
‣ Develop a cost effective and operable<br />
recovery plan<br />
‣ Minimize the impact of a disaster on an<br />
organization<br />
© Confidential
NSE : APPROACH FOR <strong>BCP</strong><br />
‣ Build <strong>BCP</strong> ; not DR<br />
‣ Develop DR site with Redundant systems<br />
‣ Follow <strong>BCP</strong> Life – Cycle<br />
‣ Emphasis on P-D-C-A<br />
© Confidential
MAJOR DECISION POINTS<br />
‣ Location at DR Site<br />
‣ Strategy<br />
– Replication of Systems<br />
– Replication of Data<br />
‣ Maximum Recovery Time for operations<br />
‣ Minimum Critical Resources<br />
© Confidential
PARAMETERS FOR LOCATION OF DR<br />
SITE<br />
‣ Different city<br />
‣ SACFA (Standing Advisory Committee for Radio-<br />
Frequency Allocation) approved<br />
‣ Easily linkable to main site via a high speed<br />
data link (optical fibre) for online-real time<br />
connectivity<br />
‣ Easily and quickly reachable from Mumbai (well<br />
connected by road/rail/air)<br />
‣ Protected from natural calamities.<br />
© Confidential
PROJECT IMPLEMENTATION<br />
‣ Development of DR Site<br />
‣ Team Plans<br />
‣ Test Plans<br />
‣ Phasing of Testing<br />
• Segment –wise<br />
• Application- wise<br />
‣ Internal mock<br />
‣ External Mock<br />
‣ Live Operation<br />
© Confidential
PROJECT IMPLEMENTATION CONT’D<br />
‣ Development of DR Site<br />
• Data Centre<br />
• Utilities UPS/AC/ DG<br />
• Hardware ; Stratus ,UNIX, Intel Servers , PC<br />
• Network; LAN, VSAT HUB, VOICE<br />
• OS/Applications/Databases<br />
• System Level Testing<br />
• Data Replication<br />
• Tape Backups at DR Site<br />
© Confidential
PROJECT IMPELMENTATION CONT’D<br />
‣ Team & Test Plan- Template based, review<br />
process<br />
‣ Testing<br />
• Over the network<br />
• On Site /Phased/ Segmented<br />
• Integrated for a given business cycle<br />
• Involve regional offices, select brokers<br />
• Involve intermediaries<br />
‣ Mock - Two Mock Sessions for each segment<br />
‣ Live - Advance intimation to brokers / regulator<br />
© Confidential
DRILL - THRILLS<br />
MONDAY - FRIDAY<br />
MUMBAI<br />
SUNDAY<br />
MUMBAI<br />
SATURDAY<br />
DR site<br />
© Confidential
<strong>BCP</strong> MAINTENANCE ISSUES<br />
‣ DR Site Maintenance<br />
• AMC / Licensing/Regulatory Clearances<br />
• Data replication: Automation/Refinements<br />
• Staffing/Multi skilling<br />
• Discipline for release of application roll outs<br />
• <strong>BCP</strong> for new systems rolled out at primary site<br />
• Plan updation<br />
• Changes in departmental teams<br />
© Confidential
NSE : <strong>BCP</strong> CURRENT STATUS<br />
‣ DR Site moved to Chennai<br />
‣ Site developed completely<br />
‣ Special arrangements for testing of Site<br />
from Mumbai<br />
‣ Site is Live<br />
© Confidential
Case Studies at www.nseit.biz<br />
• NSE<br />
• CCIL<br />
• BPCL<br />
<strong>BCP</strong> Related web sites<br />
• www.drj.com<br />
• www.drii.org<br />
• www.contingencyplanning.com<br />
© Confidential
Offering in Certifications in <strong>BCP</strong><br />
• DRI International – USA<br />
• Associate, Certified & Master <strong>BCP</strong><br />
www.drii.org<br />
• Business Continuity Institute – UK<br />
• Associate, member & fellow BCI<br />
thebci.org<br />
© Confidential
My contact<br />
ckajwadkar@nseit.biz<br />
© Confidential
© Confidential<br />
Q & A
© Confidential<br />
THANK YOU