preparing for the worst: a lesson in dr & bcp strategies for hedge funds
DESCRIPTION
Is your firm prepared for a disaster situation? Learn more about the steps to creating an effective business continuity plan and disaster recovery solution to keep your firm operational when a disaster strikes.TRANSCRIPT
Preparing for the Worst: A Lesson in DR & BCP Strategies for Hedge Funds
Agenda
The difference between DR & BCP
BCP: A look back at recent events
Four steps to business continuity planning
Disaster recovery misconceptions
Steps to creating your unique DR solution
Disaster Recovery & Business Continuity
Disaster Recovery Plan
• Details implementation/support of recovery infrastructure
• Minimizes/mitigates effects of outages/disasters
• Allows continuation/quick resumption of mission-critical functions
Business Continuity Plan
• Identifies mission-critical services, functions and personnel
• Procedures for successfully recovering people, business functions and systems
• Employee information sessions, table top exercises and testing
Disaster Recovery vs. Business Continuity
InfrastructureLayer
ManagementLayer
PolicyLayer
BC
Policies & Strategies
Risk Management
Business Continuity Plans
Validation & Testing
IT Recovery Processes
Alternative Site
Data Backup Offsite Replication
Servers Storage Network
DR
BCP
Business Continuity Planning
Past Events Japan Earthquake (2011)
UK Olympics (2012)
Hurricane Irene (2011)
San Bruno Explosion (2010)
Step 1: PANIC
Four Steps to Business Continuity Planning1. What are you protecting?
Develop Business Impact Analysis Conducted for each functional area (Research, Trading, Finance,
Operations, etc.). Detailed information about each function’s business requirements
during normal business operations vs. disaster. Identifies critical steps subsequent to a disaster.
A company’s ability to recover is directly related to the preparations done prior to a disaster occurring.
Four Steps to Business Continuity Planning2. How are you going to protect?
Determine Recovery Strategies Scenario 1: Building is still standing but closed to tenants. Scenario 2: Building has been damaged and/or lost power. Scenario 3: Regional impact to the primary office location area.
Establish Communication Procedures Internally: Employees and employee families Externally: Investors, prime brokers, custodians, media, vendors,
etc. Resources: Manual call trees, automated notification system,
conference bridge, wallet cards, etc.
Four Steps to Business Continuity Planning3. Educate employees.
Employee Information Sessions Provide overview of the company’s business continuity and
disaster recovery procedures. Distribute employee recovery procedures, quick reference cards,
wallet cards. Agenda should be focused on employee responsibilities during a
disaster.
Table Top Exercise Scenario based. Informal brainstorming session. Walk through of the company’s business continuity and disaster
recovery procedures.
Four Steps to Business Continuity Planning4. Validation.
Testing Disaster recovery procedures and/or data center. Alternate site. Remote access (home). Distribute test plans for participants. Develop test summary.
Disaster Recovery Planning
Disaster Recovery MisconceptionsDR system testing is unnecessary.
DR documentation is not necessary to read until a disaster strikes.
Third-party vendor communication is not a crucial aspect of DR.
If you have a DR solution in place, you don’t need a BCP plan.
1. Create the scope for disaster recovery.Identify your critical systems:
File shares
Mobile Devices
Accounting
Trading
Voice
2. Identify design requirements (RPO).
Recovery Point Objective (RPO)– The RPO is the point in time to which you must recovery
data as defined by your organization.– This is generally a definition of what an organization
determines is an “acceptable loss” in a disaster situation.
• Nightly backupsRPO = 24 hrs
• SnapshotsRPO < 4 hrs
• Continuous replicationRPO = 0
3. Identify design requirements (RTO).
Recovery Time Objective (RTO)– The RTO is the duration of time and a service level within
which a business process must be restored after a disruption in order to avoid unacceptable consequences associated with a break in business continuity.
– It includes the time for trying to fix the problem without a recovery, the recovery itself, tests and the communication to the users.
• Restore from backupsRTO > 24 hrs
• Hot standbyRTO < 4 hrs
• High availabilityRTO = 1 hour
4. Choose Your DR Method. Traditional Server DR
DR in the Cloud
Traditional DR DR in the Cloud
Cost
Hardware Lifecycle
Ownership
Power/Cooling
Resource Allocation
5. Choose a data center location/facility.Example of a Class 1 data center in Boston:– High security, fully redundant infrastructure: power feeds, fire and HVAC
systems– N+1 infrastructure redundancy throughout– Multiple entry fiber paths– Power supply of up to 100 watts/sq. ft. in place– Multiple power grids for redundant power– Floor-load capacity of 150 lbs./sq. ft.– Line of site for rooftop antennas– 24-hour manned security, cameras and digital
monitoring– Up to 24-day fuel supply on site– Unsurpassed diversity through our 30 network providers– 22 generators and 90,000 gallons of diesel fuel on site
Eze Castle Integration OverviewFounded 1995
Headquarters
Additional Offices
260 Franklin Street, 12th Floor, Boston, Massachusetts, 02110
Chicago, Dallas, Geneva, Hong Kong, London, Los Angeles, Minneapolis, New York City, San Francisco, Singapore and Stamford
Core Services
• Strategic IT Consulting• Outsourced IT Solutions• Professional Services• Project & Technology Management• Communications Solutions• Network Design & Management• Internet Service
• Private Cloud Services• Business Continuity Planning• Disaster Recovery• Compliance Solutions• Storage Solutions• Colocation Services• E-Mail & IM Archiving
Awards Received
Learn more at www.eci.com.
260 Franklin Street, 12th floor Boston, MA 02110 Tel: 617-217-3000 www.eci.com