Business Continuity at CME Group

Similar documents
The PNC Financial Services Group, Inc. Business Continuity Program

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) Fax: (718)

2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP

Why Should Companies Take a Closer Look at Business Continuity Planning?

Continuity of Business

The PNC Financial Services Group, Inc. Business Continuity Program

Disaster Management and Business Continuity Plan for Bankers

BUSINESS CONTINUITY PLANNING

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES

Business Resiliency Business Continuity Management - January 14, 2014

Coping with a major business disruption. Some practical advice

How To Plan A Crisis Management Program

ESCB definitions of major business continuity terms in relation to payment and securities settlement systems 1

Monthly Metals Review

Table of Contents... 1

Appendix 3 Disaster Recovery Plan

Success or Failure? Your Keys to Business Continuity Planning. An Ingenuity Whitepaper

Business Continuity Management

Business Continuity Plan

Business Continuity Management Policy

JOB ANNOUNCEMENT. Chief Security Officer, Cheniere Energy, Inc.

Why Crisis Response and Business Continuity Plans Fail

DIR CONTRACT NO. DIR-TEX-AN-NG-CTSA-010 ATTACHMENT F-3 TO EXHIBIT F BUSINESS CONTINUITY AND DISASTER RECOVERY PLAN FINAL VERSION

BUSINESS CONTINUITY PLAN OVERVIEW

NCUA LETTER TO CREDIT UNIONS

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK

Business Continuity & Recovery Plan Summary

BCP and DR. P K Patel AGM, MoF

By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd

BT Conferencing Business Continuity Management. Planning to stay in business

Desktop Scenario Self Assessment Exercise Page 1

How to Design and Implement a Successful Disaster Recovery Plan

Statement of Guidance

Business Continuity. Port environment

A Crisis Response, Information Sharing View of FFIEC Appendix J?

Building and Maintaining a Business Continuity Program

DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY

MarketAxess Business Continuity Plan Disclosure

RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief

BUSINESS CONTINUITY POLICY

Earning Your Security Trustmark+

Chapter 1: An Overview of Emergency Preparedness and Business Continuity

MHA Consulting. Business Continuity Management 101

Business Continuity and Disaster Planning

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

Department of Defense INSTRUCTION. Reference: (a) DoD Directive , Defense Continuity Programs (DCP), September 8, 2004January 9, 2009

Business Continuity Policy

IT Disaster Recovery Plan Template

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

DESIGNING A BUSINESS CONTINUITY TRAINING PROGRAM TO MAXIMIZE VALUE & MINIMIZE COST

AUDIT REPORT INTERNAL AUDIT DIVISION. Audit of business continuity and disaster recovery planning at UNON

Business Continuity Management

Loss Control Webcast. Disaster Recovery Planning we re not in Kansas anymore

Business Unit CONTINGENCY PLAN

2014 NABRICO Conference

Business Continuity Plan

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA

Disaster Recovery Planning

Business Continuity Management

Interagency Statement on Pandemic Planning

Company Management System. Business Continuity in SIA

Security in Space: Intelsat Information Assurance

Overview. Emergency Response. Crisis Management

Business Continuity Planning for Schools, Departments & Support Units

Business continuity management policy

Principles for BCM requirements for the Dutch financial sector and its providers.

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

Overview of Business Continuity Planning Sally Meglathery Payoff

NHS Hardwick Clinical Commissioning Group. Business Continuity Policy

Business Continuity Policy and Business Continuity Management System

SCADA Business Continuity and Disaster Recovery. Presented By: William Biehl, P.E (mobile)

Business Continuity and Disaster Recovery Planning

Temple university. Auditing a business continuity management BCM. November, 2015

An Overview of Professional Directors and Officers Liability in Disaster Preparedness and Recovery Planning

Business Continuity Policy

Datacenter Migration Think, Plan, Execute

ASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10

DEPARTMENT OF THE NAVY HEADQUARTERS UNITED STATES MARINE CORPS 3000 MARINE CORPS PENTAGON WASHINGTON, DC

LaSalle Bank Business Continuity Best Practices

Statement of Business Continuity Management

Transcription:

1

Business Continuity at CME Group CME Group is proud of its solid Business Continuity Management program, which is central to helping mitigate potential impacts to our markets and customers. It defines procedures that safeguard the interests of all of our stakeholders, and establishes steps necessary to protect our reputation and brand, following a disruption. 2 3

In order to identify, address and reduce the impact of these risks, CME Group has implemented a streamlined data center approach, which includes moving all production systems into one datacenter and all backup systems into a second, out-of-region datacenter. The first data center is located in the Midwest region of the United States. This production datacenter houses our CME Globex electronic trading system, Clearing systems and Regulatory applications. Our second facility is located on the East Coast of the United States and houses the backup environments for these systems. BUSINESS CONTINUITY STRATEGY Overview Our team of Business Continuity Management professionals, in conjunction with groups across the company, focuses on continuing to enhance our resiliency, crisis management and disaster recovery strategies to help mitigate against three major risk categories: 1. Operational Risks which are component failures and are mitigated by implementing component redundancies. 2. Facility Risks which are events that interrupt the operation of an entire data center or office and can be mitigated by implementing redundant data centers or work sites. 3. Wide-Scale Disruptions which are events that interrupt operations in entire vicinities and are mitigated via a variety of alternate work strategies. It is important to note that CME Group would only failover from our primary to backup datacenter in the event of a catastrophic incident. Our datacenters and systems are built with multiple layers of redundancy at each level. In the event of a system component failure, we would continue to operate within our production environment by failing over affected systems and components, within that environment. In addition to recovering our systems, CME Group has identified critical staffing needs during a disruption and has established several alternate work strategies to help ensure that essential personnel are available to administer systems and processes as well as communicate with customers. Alternate worksites, work transfer and increased ability for employees to work remotely are a few of these strategies. We have successfully activated these plans several times, most recently at our New York office during Hurricane Sandy and in our Cambridge, Massachusetts, office during the Boston lockdown after the Marathon bombing. As a systemically important financial market utility, CME Group is held to the highest standard. In addition to holding ourselves to the highest standards, CME Group has been designated as a systemically important financial market utility by the Financial Stability Oversight Council so we are held to the United States Government s highest standards, too. More information about our partnerships with various government agencies can be found on page 18. 4 5

Response to Specific Situations Our business continuity management strategy is focused on mitigating risks in the event that: A region is affected; CME Group is affected, but the local area remains unaffected, and; A specific CME Group location is impacted by a situation. Our team of business continuity professionals, in collaboration with CME Group s Physical Security and Global Information Security Teams, has established an extensive framework to help protect against threats, mitigate risks and respond to / recover from events that could potential disrupt business at each of our locations, around the world. You can learn more about our relationships and collaboration with other industry members and local authorities in the Industry / Government Involvement and Collaboration section of this brochure. Open Outcry Trading Continuity Strategy In the event of a situation that renders either of our Chicago or New York trading floors unavailable, CME Group will transition the remainder of trading activity to the CME Globex electronic trading platform from the impacted trading floor. The migration of those markets that trade solely on the floor to the CME Globex electronic trading platform is part of our regular testing strategy. 6 7

Customer Outreach Program 8 9

We know that our customers have come to expect consistent and reliable operations at CME Group and a solid business continuity program is central to meeting these expectations. This year, our Business Continuity Management team introduced a customer outreach program. Participation in the program is available to all customers, including: clearing firms, CME Globex-connected customers, CME Direct clients, CME ClearPort customers, partner exchanges, co-located firms, OTC and SDR customers. Through regular communication, customers learn about our customer tests, latest developments and enhancements to our program and what s coming next at CME Group and in our industry. Additionally, we will host quarterly meetings and conference calls where our customers can network and hear from experts in the business resiliency field. Firms are strongly encouraged to join our customer outreach program and test with us at least annually. If you would like to participate, please contact bcp@cmegroup.com. We also participate in the Futures Industry Association s (FIA) October test, along with many of the major domestic and international futures exchanges and firms. Additional Information for Customers is Available on cmegroup.com: CME Globex Disaster Recovery Process CME Clearing Disaster Recovery Process CME Direct Disaster Recovery Process Our communications with firms are timely and clear, aim to familiarize customers with our business continuity and disaster recovery strategy and provide explicit information on how to connect to our systems should we need to activate plans during an emergency. We know that our customers have come to expect consistent and reliable operations at CME Group and a solid business continuity program is central to meeting these expectations. 10 11

Implementation of Full Business Continuity Plan 12 13

Overview CME Group s Business Continuity Management Program has been developed using a phased approach that is consistent with today s standard business continuity practices and aligned with the ISO 22301. We begin by performing a Risk Analysis and a Business Impact Analysis (BIA) for each business unit of the company, to determine the operational and financial repercussions of a business disruption. During the BIA, Recovery Time Objectives (RTOs) are developed to gauge criticality of business processes. From the RTOs, recovery strategies are developed into plans. In addition to employing industry-leading practices and methods, our program and plans are maintained via a variety of interconnected tools, including CMDB Configuration Management Database which is a repository that constantly monitors and collects information about our technology infrastructure and systems, helping to ensure that our teams always have the latest information and status about all of our applications. By using these tools and methods, we maintain information related to employees, applications, equipment, vendors, personnel attributes and other data that is needed to create accurate and comprehensive plans. Crisis Management and Incident Response / Regional Incident Response CME Group has also developed a Crisis Management Plan that includes plans and procedures for communicating with customers, regulators, authorities, other financial institutions and our own employees. Our Regional Incident Response Teams work to address situations that may impact specific offices or regions, and our customers and employees in those regions. These teams are composed of key leaders and support teams from each location s critical departments. Should an event impact our company, customers or employees on a larger scale, we could activate our company-wide Crisis Management Team or Logistics Incident Response Teams. These teams test and drill regularly. Life Safety Planning We have developed life and safety plans to protect our employees and our trading floor populations. Plans include evacuation, shelter-inplace and infectious disease, along with a comprehensive emergency notification strategy. Our evacuation and shelter-in-place plans are maintained by the CME Group Physical Security department and are tested by running semi-annual exercises with building management and the local fire authorities. 14 15

Global Security CME Group maintains a robust Global Security Team, tasked with providing for the safety and security of all CME Group employees, visitors, facilities and infrastructure. Among Global Security s capabilities are a 24/7 manned state-of-art command and control center maintaining constant dispatch capabilities and close partnership with the company s Business Continuity and Global Information Security Teams. Through daily interaction and communication with key federal, state, local and international law enforcement and intelligence agencies, our security team works to ensure that CME Group has access to the most up-to-date information regarding any potential threat or concern which could negatively impact our markets, employees, customers and infrastructure. Testing CME Group s Business Continuity Management Team employs a rigorous testing program. Tests are audited by the company s Internal Audit department and results are reported to Executive Management. Annual testing activities include, but are not limited to: Fail-over testing on critical trading floor applications - performed three times each year. Each year (and during several events,) our alternate work strategies have been tested or employed, including during our industry s sector-wide telecommuting test. Fail-over capabilities are tested several times each year for our trading, clearing regulatory and business systems environments. Critical business units test their recovery capabilities and plans twice annually, during data center recovery tests. Employees test remote connectivity and emergency notification systems regularly. Partner exchanges work with us to test disaster recovery procedures. 16 17

Industry/ Government Involvement & Cooperation 18 19

In today s interconnected world, there are so many interdependencies between exchanges, banks, regulators and customers that in order to be successful, we must all work together. CME Group has made it a priority to join and work with a variety of organizations focused on financial services resiliency. Some of these groups include: CME Group is regulated by various government agencies, including the United States Commodity Futures Trading Commission, the Security and Exchange Commission and the United Kingdom s Financial Conduct Authority. In addition to working closely with our regulators, we have established partnerships and relationships with: The Financial Services Sector Coordinating Council (FSSCC) one of the Department of Homeland Security s coordinating councils set up to provide homeland security and infrastructure protection. CME Group is a member of this Financial Sector council and has been a member of the committee to review the National Incident Response Plan. Federal and State Emergency Management Associations (EMAs) City and State Offices of Emergency Management Financial Services Information Sharing and Analysis Center (FS-ISAC) the industry forum for collaboration on critical security threats facing the financial services sector. ChicagoFIRST a non-profit association dedicated to Homeland Security and Emergency Management issues affecting financial institutions which require a coordinated response. It is a coalition of private sector financial institutions and several local, state and federal agencies. In addition, ChicagoFIRST has several strategic partners made up of infrastructure providers and important state and federal agencies. Futures Industry Association (FIA) the leading trade organization for the futures, options and over-the-counter cleared swaps markets. Securities Industry and Financial Markets Association (SIFMA) a leading securities industry trade group representing securities firms, banks and asset management companies. City Security and Resilience Networks the leading UK based business security and resilience membership network. We also believe that it is paramount for CME Group to take a leadership role within the industry. Over the past several years, members of our Business Continuity Management team have or currently: Serve as Chapter President for the Association of Contingency Planners (ACP) Serve as Secretary of the Board for ChicagoFIRST Serve on the Board for the Business Resumption Planners Association (BRPA) Serve as President for the Sungard Regional User Group Represent the Financial Sector on the Partnership for Critical Infrastructure Security (PCIS) Participate on the FS-ISAC Business Resiliency Committee Participate on the SIFMA Business Continuity Planning Tactical Committee Participate on the FIA Industry Test Working Group More information and a complete list of our partnerships both public and private sector can be found on our website. 20 21

Members of our Business Continuity Management team are located in Chicago, Houston, New York and London. For more information or to schedule time to speak with a member of our team, please contact us at bcp@cmegroup.com. To join our customer program, visit http://www.cmegroup.com/globex/gam-business-continuitycontact.html. 22 23

CME GROUP HEADQUARTERS CME GROUP GLOBAL OFFICES 20 South Wacker Drive Chicago, Illinois 60606 www.cmegroup.com New York Calgary Seoul London Houston Tokyo Singapore São Paulo Washington D.C. 24

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information