An Ounce of Prevention... Contingency Planning as a Strategic Tool
An Ounce of Prevention . . . Contingency Planning as a Strategic Tool
by D. Trent Fleming, BOL Guru
Fed Vice Chairman Roger Ferguson, in a recent speech to the Institute of International Bankers, announced that the Fed would soon be providing additional guidance to banks on disaster recovery in the event of a national event. According to Mr. Ferguson, three areas of concern arose during the September incidents, regarding bank's contingency plans:
- Backup sites too close to the main location
- Backup systems that relied on the same telecommunications or power trunks as the main location
- Failure to test backup systems adequately.
Quoted in the March 5, 2002, Wall Street Journal, Ferguson said that the Fed would likely provide updated supervisory guidance, rather than additional regulations.
To most bankers, talk of Disaster Recovery and Contingency Planning conjures up visions of thick contingency plan manuals and EDP Examinations. In reality, the twin disciplines of DR and CP are prudent business practices. As reliance on technology increases, attention to the proper functioning and recoverability of such systems is increasingly important. The good news is that it is perhaps easier than ever now to protect your systems and plan for rapid recovery.
First, turn your attention to buying systems that are inherently reliable. This includes redundant internal systems in your most important computers (servers, mid-range, main-frame systems) such as power supplies and fixed disk storage. The quality and reliability of external power to such systems is also important, as is maintaining the proper environment in the areas where these computers operate. Power conditioning, battery backup units, and proper ventilation and filtration systems are essential. Combined with regular preventative maintenance, this internal redundancy can and will improve the reliability of your systems, and minimize the potential for failure.
Although this article focuses on technology recovery, don?t forget that CP/DR is larger than just computer systems. Providing access to customer?s records, including those stored in vaults, as well as plans for how and where to physically conduct business if an office is damaged or destroyed, is also necessary to recover.
New devices, such as so-called ?Snap? servers are inexpensive, and offer another dimension to your system?s reliability. Such devices, essentially intelligent hard drive systems, have the capacity to maintain a regular backup of a critical PC server at a separate physical location on the network. In the event your main server fails, a similarly configured server can be installed on the network, and the backup of all data and programs recovered from the SNAP server in a short period of time. Such rapid recovery allows you to minimize the impact of a system failure on both employee productivity and customer service.
Other, more sophisticated technologies are available, including Storage Area Networking, which provides you with a means to combine all your system?s fixed disk storage into a single, redundant system. Further, you can add an off-site component to the Storage Area Network, so that all information stored locally is available from the remote location in the event an entire site is damaged or destroyed.
Now, let?s talk about recovery of your systems in the event that major systems are damaged, destroyed, or otherwise unusable. Such occurrences can include:
- Site damage or destruction by weather or man-made disasters
- Catastrophic equipment failure resulting in the need for new equipment
- More exotic problems such as loss of access to a site through a hazardous materials situation that does no damage, but renders the site unusable for some period of time.
In these cases, you will require a hot-site backup ? an alternate location with duplicate equipment that meets all of your processing requirements, and provides voice and data communications access. If your operation is large enough, you may have redundant equipment in multiple sites (item processing, for example), but in most cases, you will need to contract with an outside firm to provide such recovery services. Your vendor(s) will either provide such services, or recommend a third party provider.
When evaluating hot-site options, focus on two key issues:
- References from your vendor(s) and peers
- Compatibility with your equipment configuration.
You?ll also want to test annually. Be sure that the methods of testing used actually replicate a disaster situation, (such as retrieving files from your backup site, NOT your production system) and that you adequately document the results ? both good and bad -of the testing effort.
Designing the appropriate contingency and recovery strategies for your bank will require detailed planning. My intent here is to offer you insight into the process, and into new technologies that offer great promise. When you are presented with purchase orders for new equipment, ask questions about reliability and redundancy of these systems, and insist on some level commensurate with your bank?s reliance on the systems being contemplated.
NOTE: Let me take this opportunity to remind you that I am willing and qualified to assist you in addressing either of the matters mentioned above, as well as other technology, management, and strategic issues. Thank you for your consideration.
First published on BankersOnline.com 4/22/02
First published on 04/22/2002