Hdfc_it-bcp Case Study v1.0

© 2009 Wipro Ltd - Confidential

IT – DR Enagement Case StudyHDFC Bank

© 2009 Wipro Ltd - Confidential2 © 2009 Wipro Ltd - Confidential2

o HDFC Bank IT-DR Challenges & Requirements

o Engagement Overview

o Engagement Approach & Methodology

o Engagement Benefits

Index

© 2009 Wipro Ltd - Confidential3

Challenges & Requirements


o Heterogeneous IT environment encompassing various

types of databases, storage solutions and OS environment

o Windows AD is not implemented across all branches

o Majority of the applications have hard coded IP addresses

o Applications criticality and interdependencies is not clearly

documented

IT Environment Challenges


o Replication and seamless failover solutions for critical business

applications and supporting Infrastructure spread across Primary

Data Center, DR Site, Head Office and depository locations.

o Solution should support interconnectivity with core applications

both in case of partial and full scale disaster scenarios.

o Solution should take care of connectivity with third parties and

interconnecting vendors without any changes at vendor end

o Solution should require minimum configuration changes in the

network and provide for easy fail-over option to DR site with

during a disaster event.

o Solution should be scalable, upgradeable, and easy to configure,

manage and maintain

Bank’s DR Requirements


Engagement Overview


o To establish a structured framework for planning and

implementation of a Disaster Recovery program for the

Bank.

o To protect critical business operations by providing

alternative IT continuity plans to sustain a disaster event.

o To provide technically viable solutions for failover and

fallback of core banking applications (31) during

unfavourable events

o To develop an effective IT-Business Continuity Plan &

Procedures to facilitate recovery & resumption

o To ensure compliance with the RBI regulations on BCP/DR

IT-DR Engagement Scope


Engagement Approach & Methodology


o Core team meet Business Stakeholders to gain a

functional understanding of the application & IT owners

to understand

the technical architecture & setup at primary and DR

site. Key deliverables prepared during this phase were:o Application-wise Understanding Documents including application

& business inter-dependency diagramso Application-wise Asset Registers capturing details and criticality

of each application componento Application DR Gap Assessment Report covering gaps in each

application’s existing recovery capability

Understanding Current State


o Core team conducted Business Impact Analysis (BIA)

Exercise to identify the impact of disruption of each

application services on bank’s operations and Risk

Assessment Exercise to identify threats to existing

application setup with supporting mitigation strategies.

This was done using a structured questionnaire & risk

database. Key deliverables prepared during this phase

were:o Business Impact Analysis Modelo Application-wise business impact analysis report capturing

application RTO & RPO details with recovery priorities o Application-wise Risk Assessment Report with supporting risk

mitigation planso Datacenter P&E Risk Assessment Report

Understanding Business Impact & Risk Environment


o Multiple recovery option were presented coveringo Network level recovery & resumption strategieso Application recovery options at primary siteo Application replication options covering storage infrastructure setup

o Following solution aspects were covered for each

application recovery strategyo Overviewo Prerequisites, Assumptions & Limitationso Recovery Architecture for both full and partial disaster scenarioso Data Replication Strategyo Fall back and Resumption Strategyo Advantages with Implementation Strategy

o Detailed Run-books were prepared for each application

which provided step by step actions to undertake during a

recovery/resumption process

Developing Recovery Strategies


o A detailed DR Plan document was prepared which provided

the DR organization structure of the bank with team roles

and responsibilities. Key aspects covered in the DR Plan are:

o Plan scope, objectives & assumptions

o DR Recovery Organization with roles & responsibilities

o Disaster Classification & Activation Guidelines

o Incident Management Process

o Plan administration and maintenance guidelines

o Plan testing strategy and test guidelines

o Training

o Emergency procedures

o Evacuation Plans

o Supporting Recovery & Maintenance Templates

Designing DR Plan & Framework


o After Finalization of recovery strategies, different levels of

testing exercise from Table-top to live fail-over scenarios

were undertaken.

o Engagement concluded with training workshops to DR team

members which included areas like

o IT-DR Framework

o Team & Individuals Roles & Responsibilities

o Disaster Classification & Plan Activation Guidelines

o Recovery & Resumption process

o Sustenance activities to be conducted

o Do’s & Dont’s

Testing & Training


Current IT-DR Sustenance Activities


Benefits


Benefitso Clear recommendations with respect to workable DR

failover and fallback strategies in line with the aggressive

growth plans of the bank

o Data replications options for different types of storage

devices

o Prioritization of critical applications for recovery at DR site

in case of full scale disaster scenario

o Established technical capability to recover its critical

banking operations in an event of a disaster or

contingency.


Benefitso Documented procedures to recover from disaster, thus

eliminating people dependency

o Bank has a comprehensive IT-BCP Framework, which is in

compliance with RBI regulatory requirements and COBIT

framework.

o Tested Crisis Management Plan to respond to unforeseen

events and ensure employee safety.

o IT recovery strategy helps bank meet its primary goals of

market leadership, customer services, and business

excellence

© 2009 Wipro Ltd - Confidential

Thank You

Deepak K Mudalgikar

Vice President – IT, HDFC Bank Ltd

E-mail: [email protected]

Hdfc_it-bcp Case Study v1.0

Documents

Transcript of Hdfc_it-bcp Case Study v1.0