GRC Controllers




Newsletter | Volume 1


Disaster management system must be in place to preserve data transaction integrity



Do you have a sustainable Business Continuity Plan (BCP) and Disaster Recovery Site (DRS) to maintain data and transaction integrity in your Primary Data Centre (PDC)? Can you guarantee that both DRS and PDC are not affected by the same disasters? Do you have plans for Near Site (NS) compliance to ensure zero data loss?

Companies must have a Business Continuity Plan (BCP) and Disaster Recovery Site (DRS) so as to maintain data and transaction integrity in their Primary Data Centre (PDC), and must ensure that both DRS and PDC are not affected by the same disasters. Several oversight authorities and stakeholders have issued the market regulator's guidelines on these issues.

Apart from a DRS, companies should also have a Near Site (NS) to ensure zero data loss.

Data and transaction integrity
In the event of a disaster, the disruption to business, trading systems, depository systems etc. may affect not only market integrity but also the confidence of investors and stakeholders.

It is further required of the market players that the DRS be set up sufficiently far away, in a different seismic zone. To avoid any unwarranted situation, the IT manager of a company should have a Recovery Time Objective (RTO) and Recovery Point Objective (RPO) of not more than 30 minutes and 4 hours, respectively.

As a golden rule, these plans must also be regularly updated, and updates at both the Primary and Secondary DC should be reflected at the DRS/NS immediately (before end of day), with enough flexibility to address the various scenarios without compromising any of the performance metrics.

IT managers must also ensure that adequate resources with the right expertise and competencies are available at all times to handle operations on a regular basis as well as during disasters.

The guidelines also ask that disaster recovery drills be conducted on a quarterly basis. In case of vitality, these drills should be closer to real-life scenarios (business scenarios, trading days) with minimal notice to the DR staff involved.

Zero data loss
These drills and exercises must also be documented, and the results and observations of the drills forwarded with suggestions, comments and advice to the IT governing committees and boards.

The guidelines on all of the above also apply if companies have their own IT platforms. You cannot delegate your responsibilities.

Therefore, attend the IT section of the European GRC summit to specifically address your preparedness, in terms of proper systems and infrastructure, in case disaster strikes during business hours.

The guidelines must also address the solution architecture of the PDC and DRS/NS to ensure high availability, fault tolerance, no single point of failure, zero data loss, and data and transaction integrity.

So do you have a sustainable Business Continuity Plan (BCP) and Disaster Recovery Site (DRS) to maintain data and transaction integrity in your Primary Data Centre (PDC), and to ensure that both DRS and PDC are not affected by the same disasters? Apart from a DRS, companies must also have plans for a Near Site (NS) to ensure zero data loss. To avoid any unwarranted situation, you should also have a Recovery Time Objective (RTO) and Recovery Point Objective (RPO) of e.g. not more than 30 minutes and 4 hours, respectively.