ESCB definitions of major business continuity terms in relation to payment and securities settlement systems 1



Similar documents
CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

BCP and DR. P K Patel AGM, MoF

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS

Business Continuity Glossary

BUSINESS CONTINUITY OVERSIGHT EXPECTATIONS FOR SYSTEMICALLY IMPORTANT PAYMENT SYSTEMS (SIPS)

NHS 24 - Business Continuity Strategy

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

Disaster Recovery Planning Process

What is Business Continuity Planning (BCP) / Disaster Recovery Plan(DRP)?

Disaster Management and Business Continuity Plan for Bankers

Temple university. Auditing a business continuity management BCM. November, 2015

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

Statement of Guidance

MHA Consulting. Business Continuity Management 101

Application / Hardware - Business Impact Analysis Template. MARC Configuration Requirements. Business Impact Analysis

Success or Failure? Your Keys to Business Continuity Planning. An Ingenuity Whitepaper

Company Management System. Business Continuity in SIA

Guideline on Business Continuity Management

Leveraging the IT Service Continuity Management framework Gord Novoselnik Business Continuity Office Enterprise Solutions Division

Monetary Authority of Singapore BUSINESS CONTINUITY MANAGEMENT GUIDELINES

How To Manage A Disruption Event

HB A Practitioners Guide to Business Continuity Management

Proposal for Business Continuity Plan and Management Review 6 August 2008

Business Continuity Planning and Disaster Recovery Planning

Supervisory Policy Manual

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION

IT Disaster Recovery Plan Template

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES

Introduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT

(Mr. Krirk Vanikkul) Assistant Governor, Financial Institutions Policy Group Governor For

By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd

Emergency Response and Business Continuity Management Policy

Consultative report. Committee on Payment and Settlement Systems. Board of the International Organization of Securities Commissions

Disaster Recovery. Hendry Taylor Tayori Limited

Tips and techniques a typical audit programme

How To Assess A Critical Service Provider

BSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK

Prudential Practice Guide

Business Continuity and Risk Management. Ken Kaberia Principal BCM Officer, Enterprise Risk Safaricom Limited

Q uick Guide to Disaster Recovery Planning An ITtoolkit.com White Paper

Finding the areas for improvement in plans, processes and procedures to protect shareholder value Performance driven. Quality assured.

Disaster Recovery Plan Documentation for Agencies Instructions

SUPERVISORY AND REGULATORY GUIDELINES: PU BUSINESS CONTINUITY GUIDELINES

Business Continuity Management. Christoph Stute Guatemala March 2012

Interactive-Network Disaster Recovery

November 2007 Recommendations for Business Continuity Management (BCM)

Chapter I: Fundamentals of Business Continuity Management

Business Continuity Planning. A guide to loss prevention

Principles for BCM requirements for the Dutch financial sector and its providers.

Technology Recovery Plan Instructions

External Supplier Control Requirements BCM

CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard

DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY

ASX SETTLEMENT OPERATING RULES Guidance Note 10

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

Advisory Guidelines of the Financial Supervision Authority. Requirements for Organising the Business Continuity Process of Supervised Entities

SAMPLE IT CONTINGENCY PLAN FORMAT

CISM Certified Information Security Manager

Prudential Practice Guide

Business Continuity Management

PPSADOPTED: OCT BACKGROUND POLICY STATEMENT PHYSICAL FACILITIES. PROFESSIONAL PRACTICE STATEMENT Developing a Business Continuity Plan

Business Continuity and Disaster Recovery Planning

Business Continuity - IT Disaster Recovery Discussion Paper - - Commercial in Confidence Version V2.0R Wednesday, 5 September 2012

Business Continuity Plan

State of South Carolina Policy Guidance and Training

Business Continuity Glossary by DRJ

High-level principles for business continuity

Information Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt.

Flinders University IT Disaster Recovery Framework

The PNC Financial Services Group, Inc. Business Continuity Program

Ohio Conference for Payroll Professionals Disaster Recovery

Information Services IT Security Policies B. Business continuity management and planning

Coping with a major business disruption. Some practical advice

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

ASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10

GUIDELINES FOR BUSINESS CONTINUITY IN WHOLESALE MARKETS AND SUPPORT SYSTEMS MARKET SUPERVISION OFFICE. October 2004

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning MARCH 2003 IT EXAMINATION H ANDBOOK

Ohio Supercomputer Center

Business Resiliency Business Continuity Management - January 14, 2014

Post-Class Quiz: Business Continuity & Disaster Recovery Planning Domain

BUSINESS CONTINUITY PLAN

Business Continuity Management

How to Design and Implement a Successful Disaster Recovery Plan

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS)

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

Business Continuity Business Continuity Management Policy

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY

Why Should Companies Take a Closer Look at Business Continuity Planning?

Business continuity management (BCM) for insurance companies in Switzerland minimum standards and recommendations

Guidance Note XGN XXX.1

Basel Committee on Banking Supervision. The Joint Forum. High-level principles for business continuity. Consultative document

I.T. Disaster Recovery Plan

Domain 3 Business Continuity and Disaster Recovery Planning

Transcription:

ESCB definitions of major business continuity terms in relation to payment and securities settlement systems 1 June 2007 The ESCB has developed a glossary of major business continuity terms for market infrastructures, providing consistent and commonly agreed definitions for some of the most frequently used terms in national and EU-wide standards. The aim of having such a glossary is twofold: (i) to allow the ESCB to use consistent definitions of terms in its own business continuity planning and procedures; and (ii) to enable market infrastructures and other interested parties, especially those with a cross-border presence, to take account of the generally accepted terms used by the central banking community in their own business continuity plans and procedures. Unless otherwise indicated on their individual websites, all 27 national central banks of the ESCB apply the definitions contained in this glossary. 2 However, this is not the case for other central banks or entities other than central banks. The definitions below have been agreed at the level of the ESCB and are based on the following sources: 1) Business continuity oversight expectations for systemically important payment systems (SIPS), ECB, June 2006; 2) ECB glossary of terms (developed and used for the ECB s business continuity management); 3) Glossary of General Business Continuity Management Terms, Business Continuity Institute (BCI), December 2002; 4) Business Continuity Glossary, Disaster Recovery Journal (DRJ) and Disaster Recovery Institute International (DRII); and 5) High-level principles for business continuity, Joint Forum, Basel Committee on Banking Supervision, August 2006. 1 DISCLAIMER: These terms have been developed in relation to ESCB business continuity information-sharing for market infrastructures. 2 National definitions posted on the business continuity sections of the websites of individual nationalentral banksgreed ESCB definitions.uch cases, the individual national central banks should explain the rationale for such differences on their own websites. - 1 -

General terms business contingency business continuity business continuity management (BCM) business continuity management team business continuity plan business continuity strategy crisis management Testing simulation exercise test walkthrough Technical and organisational backup procedures, as part of a business continuity process, aimed at providing limited services (e.g. for particularly critical payment transactions such as CLS payments) during the outage period (usually by means of alternative or additional measures or procedures). A state of uninterrupted business operations. This term also refers to all of the organisational, technical and staffing measures employed in order to: (i) ensure the continuation of core business activities in the immediate aftermath of a crisis; and (ii) gradually ensure the continued operation of all business activities in the event of sustained and severe disruption. A holistic management process that identifies potential risks to an organisation and provides a framework for establishing resilience in order to ensure that the organisation is able to respond effectively in the event of a crisis and safeguard its reputation, brand and value-creating activities and the interests of key stakeholders. A group of people with defined roles and responsibilities as regards the implementation of the business continuity plan. A clearly defined and documented plan for use in the event of a business continuity emergency, disaster or crisis. Also referred to as a disaster recovery plan (DRP). A strategy adopted by an organisation in order to ensure its recovery and continuity in the event of a disaster or other major outage. Plans and methodologies are determined by this strategy. There may be more than one means of carrying out an organisation s strategy (e.g. an internal or external hot or cold site, an alternative work area, a reciprocal agreement, mobile recovery, quick/drop shipping or consortium-based solutions). The process by which an organisation manages the wider impact of a business continuity emergency, disaster or crisis by seeking to control or contain the situation without affecting the organisation or, where this proves not to be possible, implementing its business continuity plan. The execution of a business continuity plan in a specific simulated scenario with the intention of testing the effectiveness of the plan and the preparedness of the organisation and/or highlighting areas where the plan requires further development. This activity is performed with the aim of training team members, improving their performance and evaluating the business continuity plan.types of exercise include: tabletop exercises, simulation exercises, operational exercises, mock disasters, desktop exercises and full rehearsals. The carrying out of one or more parts of a business continuity plan in order to ensure that the plan contains the appropriate information and produces the desired result. A test differs from an exercise in that a test occurs at a real site, whereas an exercise is generally a simulation. A walkthrough is a thought experiment that seeks to discover the likely outcome(s) of an event on the basis of starting conditions, surrounding conditions and the effects of decisions. In the context of business continuity, a walkthrough seeks: (i) to ensure that business continuity plans are fit for purpose; (ii) to assess a team s - 2 -

Recovery and resumption recovery recovery point objective recovery time objective (RTO) resumption Sites load-sharing data centres secondary site information exchange and decision-making; and (iii) to identify any gaps. The restarting of specific business operations following a disruption, with such operations reaching a level sufficient to meet outstanding business obligations. The point in time to which work should be restored (e.g. the start of the day) following a business continuity emergency, disaster or crisis that interrupts or disrupts business operations. The period of time within which systems, applications or functions should be restarted following an outage (e.g. one business day). RTOs are often used as a basis for the development of recovery strategies and a means of determining whether or not to implement specific recovery strategies in a disaster situation. The process of planning for and/or implementing the restarting of defined business functions and operations following a disaster. Two (or more) data centres running IT tasks on an equal basis. Both are productive in normal situations and they carry out the same amount of work. Both data centres are designed with sufficient capacity margins to be able to take on the complete workload of the other data centre should it fail. A location other than the primary site which can be used for the resumption of business operations and other functions in the event of a disaster, a major system or infrastructure malfunction or an inability to access the primary site. A secondary site can be used: in the narrower sense for the replication of programs and data in order to safeguard data integrity, with the replicated data being stored externally to ensure the resumption of business operations following the destruction or loss of data; or in the broader sense for the maintenance of a comprehensive alternative system (i.e. a fallback system comprising hardware, software and data) to cater for the possibility of the production system not being available. In the event that the fallback system is located in the vicinity of the production system and a third system in another location is reserved for emergencies and disasters, the latter is referred to as the disaster system. A secondary site can be cold or hot. Cold site: An alternative facility that already has in place the basic infrastructure required to recover critical business functions or information systems, but does not have any preinstalled computer hardware, telecommunications equipment, communication lines, etc. These must therefore be installed at the time of the disaster. Hot site: An alternative facility that is already equipped with the computer, telecommunications and environmental infrastructure required to allow critical business functions to continue with minimal delay in the event of a disaster. Also referred to as an alternative site, a backup site or a load-sharing data centre. - 3 -

Events crisis disaster disruption emergency fallback outage Critical functions business impact analysis (BIA) core business activities critical functions single point of failure An event that threatens the operations, staff, shareholder value, stakeholders, brand, reputation, trust and/or strategic/business goals of an organisation. Any unplanned interruption to one or more mission-critical business functions for an unacceptable period of time. A disaster can be large-scale/major, regional or local. Large-scale/major disaster: An event affecting a large metropolitan or geographical area that causes wide-scale disruption to the normal business operations of financial industry participants and other commercial entities. This may lead to areas within a given radius of the location of the event being evacuated or becoming inaccessible. Regional disaster: A disaster affecting a whole region with the same risk profile. Local disaster: A disaster the direct adverse effects of which are limited to a geographical area with a maximum radius of a few kilometres. A breakdown in the continuity or functions of a system or organisation which prevents it from completing its tasks. Large-scale/major operational disruption (MOD): High-impact disruption to normal business operations affecting a large metropolitan or geographical area and the adjacent communities economically linked with it. In addition to impeding the normal operations of financial industry participants and other commercial organisations, major operational disruptions typically affect physical infrastructure. This kind of incident requires the implementation of the business continuity plans of more than one organisation. An actual or impending situation that may cause injury, the loss of life or the destruction of property or may interfere with or disrupt an organisation s normal business operations to such an extent that it poses a threat. Workaround procedures to be used in the event that normal business procedures cannot be conducted because supporting systems are not available. Period of time after disruption that a service, system, process or business function is expected to be unusable or inaccessible. A structured procedure measuring the financial and operational consequences of disruption over time. Business processes on which an organisation depends for the achievement of its goals. The unavailability of such processes, even in the short term, would seriously threaten the existence of the organisation or (in the case of public authorities) fundamentally jeopardise the execution of sovereign functions and endanger the stability of the financial system. Business activities or information that could not be interrupted or remain unavailable for several business days without incurring significant financial losses, damaging the reputation of the organisation or significantly jeopardising its operations. A situation in which a service, activity or process is provided by one single source, the failure of which would lead to the total failure of a critical function. - 4 -

Critical entities critical (infrastructure) participant critical (market) infrastructure critical provider of services and utilities An entity identified by the system or infrastructure as posing a threat in that there would be a significant risk of major disruption to the system or financial infrastructure were that entity unable to perform its normal operations. Also known as a major participant, relevant participant, core participant, systemically important participant or major player. Any of the entities listed below: systemically important payment systems; securities settlement systems; central counterparties; and other critical infrastructure related to payment and settlement systems in accordance with national definitions. A provider of services, goods and solutions that is critical in that there would be a significant risk of major disruption to systems or infrastructure were that provider unable to perform its normal activities. - 5 -

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information