180 likes | 399 Views
Risk and Business Continuity at SWIFT. Harry Newman Budapest 14 November 2007. Risk and Business Continuity. Community ownership, governance, and involvement in business continuity planning Technical and operational excellence Assurance and transparency. Governance and Oversight.
E N D
Risk and Business Continuity at SWIFT Harry Newman Budapest 14 November 2007
Risk and Business Continuity • Community ownership, governance, and involvement in business continuity planning • Technical and operational excellence • Assurance and transparency
Governance and Oversight Oversight National Bank of Belgium (lead overseer) and G-10 central banks Governance Board Board committees National groups User groups SWIFT community
Risk and Business Continuity • Community ownership, governance, and involvement in business continuity planning • Technical and operational excellence • Assurance and transparency
SWIFT actions Stronger cyber security and hardened physical security Staff security procedures and enhanced vetting Service continuity improvements Crisis management Security People Service continuity Crisis mgmt Building the resilient financial infrastructureA co-ordinated approach
Security evolution of SWIFT services 1977 1991 1995 1996 2003 2007 Members/Messages 239/15 million 430/365 million 5,272/604 million 5,511/688 million 7,527/2048 million Relationship Management BK Paper BK Disc RMA Message Authentication BK Paper BK Disc PKI HSM PKI Keys Disc STEN Cylink VPN Box Encryption Access Control ICC Cards / Card Reader PKI HSM Increased Security
Resilience Networks SWIFT OPCs Customer OPCs SWIFT’s backbone network Access networks Customer Resilience across all dimensions
SWIFT’s backbone network Customer resilience SWIFTSupport Enhanced for 108 Critical Customerssending 75% of global traffic on SWIFTNet Dual sites, componentsand Network Partners • Mandate highest customer resilience • Service managers perform system and process health-checks • Command centre handles crisis and enforces post-incident improvement actions Dual sites and components Dual sites Single leased lines Increased customer resilience Single site SWIFT’s backbone network
Resilient IP Access Network • Multi-vendor IP network managed by SWIFT • Risk spread across multiple networks(AT&T, COLT, Equant, BT Infonet) • 6 Backbone Access Points globally for Network Partners to connect to Swift • Customers multiply connected to Swift • Secure VPN overlay network • Managed service • 24x7 monitoring critical customers are encouraged to use multiple network partners
Swift Backbone Network • Global backbone network • Interconnect Swift’s OPCs and Backbone Access Points • Designed for Dual Point of Failure (DPOF) resilience • Resilience is built into both the backbone and the networks carried over it • Full capacity for main message flow under dual failure conditions • Multiple carrier trunks using separate cables • Routing of circuits dealt with to the road level to avoid common points of failure for different carriers
SWIFT OPC resilience Layer 1 Day to day resiliency. Multiple connections, protected sites, built in backup within Operating Centres Layer 2 Intercontinental backup in 30 minutes in the unlikely event layer 1 fails Layer 3 Disaster Recovery Infrastructure for the extreme case where layer 2 is not enough
Crisis management to the next level SC3 - SWIFT Crisis Co-ordination and Communication COMMAND CENTRE EURO Updates SC3SECRETARIAT SWIFT OPS US DOLLAR SC3 UK POUND SWIFT Crisis Management + OPC(s) resilience and recovery SWISS FRANC JAPANESE YEN
Customer support – 24 x 7 x 365 Americas EMEA Asia Pacific
FNAO culture at SWIFT Prevent Plan Learn Incidents Manage Failure Is Not An Option Slide 14
Recent history of availability results Note: During this period, SWIFT resilience prevented availability impact from any natural disasters, including the Taiwan earthquake in December 2006 that caused significant problems for other service providers in Asia. * Reflects YTD results through May 2007
Risk and Business Continuity • Community ownership, governance, and involvement in business continuity planning • Technical and operational excellence • Assurance and transparency
Assurance and transparencyProviding greater assurance – SAS 70
SWIFT’s on going commitment Our vision is to be global financial community's foremost messaging infrastructure that is lowest risk and highest resilience