Central Bank of India. Business Continuity Management Policy

Size: px

Start display at page:

Download "Central Bank of India. Business Continuity Management Policy"

Phyllis Ashlynn Barber
10 years ago
Views:

1 Central Bank of India Business Continuity Management Policy DataCenter Version 1.0 February 2012

2 Table of Contents 1. Purpose Objective Scope Policy Statement Top Management Commitment... 4 Page 2 of 5

3 1. Purpose The Purpose of Business Continuity Management Policy is: To enable Central Bank Of India (henceforth referred as CBI) to provide continuity of critical IT Systems in the event of an emergency/disruption with minimal impact To enhance CBI s reputation by protecting interest of its key customers, stakeholders and employees by demonstrating a proactive attitude that will lead to continuity of operations/services even in the case of a disaster To ensure CBI s meets its all legal, regulatory and compliance requirements. 2. Objective The objective of Business Continuity Management Policy is to enable CBI in establishing organisational survival & continuity capability against emergency/disaster events thereby ensuring:- Profits and Shareholder Value are maintained and do not suffer significant deterioration Operations are not adversely affected, thus maintaining the quality of service to customers Customer expectations continue to be met, or managed, in such a way that customers are retained and new business opportunities met Reputation and image to stakeholders and the public are not negatively affected following business disruption Compliance to all regulatory guidelines( RBI) and directives is maintained Page 3 of 5

continuity of operations/services even in the case of a disaster To ensure CBI s meets its all legal, regulatory and compliance requirements. 2.

4 3. Scope The Business Continuity Management System applies to Central Bank of India Data Centre at Navi Mumbai and Disaster Recovery Centre at Hyderabad that includes CBS Systems, ATM Switch, Payment Systems, Treasury Servers, HRMS, Single Data Repository of Central Bank of India and Regional Rural Banks sponsored by Central Bank of India, for continuous and reliable services covering critical aspects of people, process and technology, supported through legal regulatory, facilities management and IT operations. The scope of Business continuity is limited to IT systems within Data Centre at Navi Mumbai and Disaster Recovery Centre at Hyderabad 4. Policy Statement CBI recognizes the strategic, operational, financial, and reputational and stakeholder support risks associated with the service interruptions and the importance of maintaining viable capability to continue CBI s business processes with minimum impact in event of an emergency. The CBI Business Continuity is applicable to all CBI staff, facility and IT systems in Data centre located at Belapur, Navi Mumbai. CBI shall be prepared for scenarios including, but not limited to natural disaster, power outage, and hardware and data availability. Day-to-day operational problems such as minor computer equipment malfunctions, data loss, and employee leave (like emergency medical/sick leave) are excluded as business continuity disasters in the context of this plan. 5. Top Management Commitment Top management shall guide, support and participate in the all phase of continuity assurance program as per the requirements. They shall assume the ownership for program success & outcome, and shall ensure adequate time & resources are committed to the development of the program. Resources could include both financial considerations and the effort of all personnel involved. The Business Continuity Management policy shall be reviewed at the time of any major change(s) in the existing IT infrastructure environment affecting policies and procedures or on an Annual basis, whichever is earlier. Page 4 of 5

aspects of people, process and technology, supported through legal regulatory, facilities management and IT operations.

5 It is the policy of the CBI to ensure that: 1. Program shall be owned by the Senior / Executive Management 2. Program shall be in alignment with the CBI s strategic objectives, priorities and requirements 3. Program shall ensure compliance to all legal/regulatory requirements applicable to CBI 4. Program shall be supported by well-defined organization structure with clear defined roles & responsibilities 5. All identified IT Systems shall be subjected to Business Impact Analysis (BIA) exercise to establish business recovery priorities and requirements 6. Business continuity risks shall be identified, assessed and treated for identified critical IT Systems, technology assets and supporting infrastructure elements 7. Continuity strategies shall be defined and implements for all identified business critical IT Systems, technology assets and supporting infrastructure elements based on established recovery requirements and risks exposure 8. Business Continuity & Disaster Recovery, and Emergency Management Plan shall be developed & maintained as part of the program 9. Detailed recovery procedures shall be documented and maintained for implemented recovery strategies 10. Identified teams/stakeholders shall be provided adequate training & support for fulfilling their roles & responsibilities 11. Plan owners shall be responsible to carrying out periodic test to ensure their plans are viable, effective and meet the recovery objective 12. All program components including processes, plans and other deliverables shall be reviewed periodically for changes, updates & improvement, and maintained 13. Periodic audits shall be conducted to ensure compliance to established program policy, framework and processes 14. All managers are responsible for implementing the policy within their areas of responsibility and own all resulting business continuity plans 15. Business continuity considerations shall be taken into consideration as part of all new projects implementations/rollouts Page 5 of 5

Program shall be supported by well-defined organization structure with clear defined roles & responsibilities 5.

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand