1 / 15

Disaster Recovery Planning & Cross-Border Backup of Data among AMEDA Members

Survey & recommend DRP methodology; cost-effective data protection against disasters; risk analysis, solution design, testing, maintenance & training for compliance with ISO 27000.

lgreenly
Download Presentation

Disaster Recovery Planning & Cross-Border Backup of Data among AMEDA Members

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Disaster Recovery Planning& Cross-Border Backup of Data among AMEDA Members Vipin Mahabirsingh Managing Director, CDS Mauritius For Workgroup on Cross-Border Backup Solutions (Tunisia, Morocco, Mauritius & Swift)

  2. Objectives • To make a survey to assess the current status at each AMEDA member regarding Disaster Recovery Planning (DRP) • To make recommendations on DRP methodology based on international standards • To find cost-effective solutions to protect each member’s data against national and regional disasters

  3. DRP Methodology • Risk Analysis • Solution Design & Implementation • Testing • Maintenance and Training • Ensure compliance with ISO 27000

  4. Risk Analysis • Business impact analysis (B.I.A) • Settlement Platform • Communication services (File transfer; web applications; Network facilities) • Key Metrics • R.P.O (Recovery Point Objective) : 1 hour • R.T.O (Recovery Time Object) : 2 hours

  5. Risk Analysis • Threat analysis: (most important) • System Outage • Power Outage • Fire • Flood • Earthquake, Tsunami • Terrorism • War • Definition of impact scenarios

  6. Solution Design and Implementation • Hot stand-by in a local site (High availability solution & SAN) • Recovery site (20 Km recommended) • Data Backup at regular interval • to tape and sent off-site • to disc and automatically copied to off-site disk (data replication) • Electric generator and UPS (Uninterruptible Power Supply) • Service bureau (Telecom outage) • Documentation (Responsibilities, Decision Tree, Procedures etc.)

  7. Solution Design and Implementation

  8. Testing/Simulation • Technical swing from primary to secondary site • Application test • Telecom test • Command team : IT Team • Frequency : 2-3 times a year

  9. Maintenance and Training • Changes (staff, supplies, …) • Technical solutions verification (patch distribution, hardware & software operability check, data backup verification) • Treatment of test failures • On-going training of existing and new staff

  10. Cross-Border Backup of Data • To find cost-effective solutions to protect each member’s data against national and regional disasters • Alternative 1 - Bilateral arrangements between members • Alternative 2 - Hub and spoke model whereby one or two AMEDA members set up the necessary hardware and software for storing the backup data of all AMEDA members

  11. Challenges • How to ensure the security of the data during transmission and storage? • Only the AMEDA member which generated the backup data should have access to this data • How to deal with the large size of the backup files to be transferred? Not easy to find cost-effective solutions for the remote transfer of large files

  12. Possible Solution Applicable to both Alternatives 1 & 2 • Each AMEDA member generates a backup file at specific times during the day • Backup file is then encrypted and the key will be known only to the AMEDA member • File compressed and sent to the backup server via a Virtual Private Network (VPN) over the Internet or via SWIFT • The backup site must be fully secured and must meet industry standards on security and data recovery (e.g standards of the Uptime Institute) • Even at the backup site, the file can be accessed only by the AMEDA member which generated the file

  13. Backup site • In Alternative 1 two AMEDA members can agree to act as backup sites for each other. • In Alternative 2 backup site could be hosted in one or two countries which are less exposed to natural and man-made calamities • Should be geographically far from high risk areas • Should have sufficient capacity to store the data of all AMEDA members – Not Applicable to Alternative 1 • In either case, backup service to be covered under a Standard Service Level Agreement between backup site and the other AMEDA member/s

  14. Cost implications • Alternative 1 is less costly since existing equipment and links could be used given less that less capacity would be required if backup is done on a bilateral basis • In Alternative 2 the backup site would have to charge a reasonable service fee to the other AMEDA members to recover its investment in any additional equipment and to cover direct costs • Existing hosting service providers may be used • High speed Internet links or Swift connection required • Detailed business case can be developed if there is interest for this solution

  15. Thank You

More Related