[ISN] U.S. regulators issue disaster recovery guidelines

From: InfoSec News (isnat_private)
Date: Sat Apr 12 2003 - 01:05:03 PDT


    http://www.computerworld.com/securitytopics/security/recovery/story/0,10801,80262,00.html
    
    By LUCAS MEARIAN 
    APRIL 11, 2003
    Computerworld 
    
    Three U.S. regulatory agencies have released disaster recovery
    guidelines for financial institutions notable for their lack of any
    recommended minimum distance between primary and secondary data
    centers and their recognition that achieving many of the goals could
    take years.
    
    The Federal Reserve, the Office of the Comptroller of the Currency and
    the Securities and Exchange Commission on April 8 issued a white paper
    describing objectives for disaster recovery and business continuity
    plans that should be set in place.
    
    The agencies stated that they expect organizations that fall within
    the scope of the white paper [1] to "adopt the sound practices within
    the specified implementation time frames."
    
    The regulators focused mostly on what they described as "core clearing
    and settlement organizations," or the largest brokerages, custodian
    banks and clearing firms, saying they should substantially achieve
    disaster recovery and sound business continuity practices by the end
    of 2004.
    
    In the event of a wide-scale disaster, the nation's financial system
    "rests on the rapid recovery and resumption of the clearing and
    settlement activities that support critical markets," the agencies
    said.
    
    The guidelines include the recommendation of recovering operations
    "within the business day on which a disruption occurs, with the
    overall goal of achieving recovery and resumption within two hours
    after an event."
    
    "The paper's business continuity objectives, sound practices and
    timetables will clearly improve the resilience of the U.S. financial
    markets," Donald Kittell, executive vice president of the Securities
    Industry Association, stated in a press release.
    
    The document also said that the focus of financial firms should be on
    "appropriate back-up capacity necessary for recovery and resumption of
    clearing and settlement activities for material open transactions in
    the wholesale financial markets."
    
    The agencies' business continuity objectives include rapid recovery
    and timely resumption of critical operations following wide-scale
    disruptions or loss of staff in "at least one major operating
    location," and a high level of confidence through ongoing testing that
    plans are "effective and compatible."
    
    In August, an interagency white paper that was released on
    strengthening the resilience of the U.S. financial system was soundly
    criticized by banks and brokerages for its suggestion that there be a
    minimum distance of 200 to 300 miles between a primary and backup data
    center.
    
    Many firms considered it technically unfeasible. For example, Fibre
    Channel, the most common network protocol used between data centers,
    has a distance limit of about 100 miles, or 62 kilometers.
    
    "We were pleased, because they took into account the dialogue agencies
    had with the industry after the first white paper came out [in
    August]. That's the key point. We're all working together," said
    Margaret Draper, a spokeswoman for the Securities Industry Association
    in New York.
    
    Draper said the white paper could eventually become the basis for
    industry-specific rules that would be administered by self-regulatory
    organizations, such as the National Association of Securities Dealers
    Inc. and the New York Stock Exchange.
    
    Regulators said firms should also maintain sufficient geographically
    dispersed resources to meet recovery and resumption objectives.
    
    But the agencies stated that they aren't recommending that firms move
    their primary offices or data centers outside of metropolitan
    locations, because they understand that financial firms need to
    maintain processing sites near the financial markets.
    
    [1] http://www.sec.gov/news/studies/34-47638.htm
    
    
    