1 / 19

Business Continuity : The sixth international payment system conference

Learn about Business Continuity Management (BCM) at Magyar Nemzeti Bank, Hungary's central bank. Explore its history, concept, organization, database maintenance, testing, and real-world application. Discover key practices and tools to manage operational risks effectively.

kentn
Download Presentation

Business Continuity : The sixth international payment system conference

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Business Continuity: The sixth international payment system conference MNB, Budapest 14 November, 2007

  2. Business Continuity Management at the MNB Péter Rajczy Integrated Risk Management Magyar Nemzeti Bank the central bank of Hungary

  3. Introduction • Operational risks in the central bank • Financial and reputational losses • Impact on the financial system of the country • Risk management: Avoiding risk events / mitigating impacts • Business Continuity Management: a special tool to manage certain types of risks (system disruption, external events etc.

  4. Questions to discuss: • 1. A Historical Outline: BCM in the MNB • 2. Concept and Foundation • 3. Organisation and Responsibilities • 4. Maintenance of BCP/DRP database • 5. BCP in the minds and in the practice • 6. BCP at the Splitsite – the Immediate Backup Centre • 7. The Key Personnel Project • 8. Logistics Centre: Planning the Future

  5. A historical outline: BCM in the MNB • 2002: KPMG. Interviews, presentation and first steps: building up the bankwide system of BCM • 2003: BCP data maintenance and testing: the great supply disruption test • 2004: Overall revision of BCP/DRP data • business activities & resources, interdependencies, BIA – BCP’s – tests • 2005: First split site testing, training of local BCP officers • 2006-7: Running a robust BCM; key persons • 2008: BCP in the new split site: the Logistic Centre

  6. 2. Concept and Foundation • BCM as a part of the integrated ORM • Initial database and BIA: setting up the boundary conditions – what is the Worst Case Scenario (system downtime, missing key persons, buildings) • Data acquisition and integrity • The role of the Crisis Management Committee

  7. 3. Organisation and Responsibilities • Starting with top-down sponsorship • maintaining data integrity, management of testing • Department-based planning: bottom-up. Responsibility of the local BCP officers • Crisis management: • Crisis Management Commitee (CMC): decision about relocating business to split site • Local Crisis Group (LCG) leader: activating single BCP’s

  8. 4. Maintenance of the BCP/DRP Database: the ÜFO • a relational database to store basic parameters for business activities, IT resources etc. • maintenance: Central BCP Manager • data input: Local BCP Officers • storing documents • report queries • BCP/DRP print-outs • test print-outs

  9. 4. Maintenance of the BCP/DRP database: the ÜFO(continued)

  10. 4. Maintenance of the BCP/DRP database(continued 2) • Structure of the database: • basic tables (organisation, personnel, formulas etc) • business activities (data, priorities, impact scaling etc) • resources (IT, Human, External, Others) • dependency scales • action plans (BCP, DRP) • documents of certification (tests)

  11. 4. Maintenance of the BCP/DRP database(continued 3) • Functions of the database: • updating data • Central BCP Administration: basic tables • local BCP Officers: BCP/DRP action plans • central BCP Officers: coordination • business impact analysis (BIA) • data management • reports: BCP/DRP sheets, activity/risk matrices • other queries, look-ups • activity logging, integrity checks

  12. 4. Maintenance of the BCP/DRP database (continued 4) • Business Impact Analysis • rating business activities by: • priority • targeted recovery time (TRT) • dependency scale from resources • rating resources by • operational reliability (downrisk) • maximal tolerated downtime (MTD) • output: a list of recommended BCP’s

  13. 4. Maintenance of the BCP/DRP database (continued 4) • Business Continuity & Disaster Recovery Plans • Basic data • Preparation phase • Response phase • Alternative working process • Phase of recovery • Phase of making checks

  14. 4. Maintenance of the BCP/DRP Database (continued 5) • Testing a BCP • responsibility of the Local Crisis Group • depth of the tests: • desktop check • test in a simulated environment • live test • scope of the test • elementary: including one department • integrated: with cooperation of several departments • surveillance of test status (Central BC P Manager)

  15. 5. BCP in the minds and in the practice • BCP: Is it a burden for everybody? • „Personal plans” vs bankwide BCP/DRP framework: to be better prepared for the unexpected • transparency of the network of responsibilities • Side-effects: • lessons we learned during tests • realizing the need of controlled data update • Risks of data integrity disruption

  16. 6. BCP and the Splitsite – the Immediate Backup Centre • Broadening the boundary conditions: business continuity in case of major IT disruptions or physical shocks • Remote site access in case of crisis • operating the communication in crisis situation (telephone cascade) • preparation of the Crisis Management Committee’s decisions • transport supply • error detection and helpdesk service at the remote site

  17. 6. BCP and the Splitsite (continued) • Crisis Managing Committee (CMC) • Taking decisions about: • Starting work at an alternative site • Giving instructions to deviate from a BCP • Efficiency of the informatical background - „warming up” • Doing business in an unusual environment (training rutines)

  18. 7. The Key Personnel Project • Demonstrations, strike of transport workers, some food health cases • Avian flu issues • 2007: need to expand BCP boundary conditions to loss of key personnel • Definition of Key Local Crisis Group: responsibility of the LCG leader • Central administration in the ÜFO

  19. 8.The Logistics Centre: Planning The Future • Plans to dislocate key functions wich demand high security and availability (e.g. cash transport, note processing) • Dislocating secondary (hot) site for data storing • Establishing secondary IT (hot) site serving critical business processes • Secondary site for continuing critical business processes in case of major disruption (Business Continuity Plan for missing site)

More Related