Hdfc_it-bcp Case Study v1.0
description
Transcript of Hdfc_it-bcp Case Study v1.0
© 2009 Wipro Ltd - Confidential
IT – DR Enagement Case StudyHDFC Bank
© 2009 Wipro Ltd - Confidential2 © 2009 Wipro Ltd - Confidential2
o HDFC Bank IT-DR Challenges & Requirements
o Engagement Overview
o Engagement Approach & Methodology
o Engagement Benefits
Index
© 2009 Wipro Ltd - Confidential3
Challenges & Requirements
© 2009 Wipro Ltd - Confidential4 © 2009 Wipro Ltd - Confidential4
o Heterogeneous IT environment encompassing various
types of databases, storage solutions and OS environment
o Windows AD is not implemented across all branches
o Majority of the applications have hard coded IP addresses
o Applications criticality and interdependencies is not clearly
documented
IT Environment Challenges
© 2009 Wipro Ltd - Confidential5 © 2009 Wipro Ltd - Confidential5
o Replication and seamless failover solutions for critical business
applications and supporting Infrastructure spread across Primary
Data Center, DR Site, Head Office and depository locations.
o Solution should support interconnectivity with core applications
both in case of partial and full scale disaster scenarios.
o Solution should take care of connectivity with third parties and
interconnecting vendors without any changes at vendor end
o Solution should require minimum configuration changes in the
network and provide for easy fail-over option to DR site with
during a disaster event.
o Solution should be scalable, upgradeable, and easy to configure,
manage and maintain
Bank’s DR Requirements
© 2009 Wipro Ltd - Confidential6
Engagement Overview
© 2009 Wipro Ltd - Confidential7 © 2009 Wipro Ltd - Confidential7
o To establish a structured framework for planning and
implementation of a Disaster Recovery program for the
Bank.
o To protect critical business operations by providing
alternative IT continuity plans to sustain a disaster event.
o To provide technically viable solutions for failover and
fallback of core banking applications (31) during
unfavourable events
o To develop an effective IT-Business Continuity Plan &
Procedures to facilitate recovery & resumption
o To ensure compliance with the RBI regulations on BCP/DR
IT-DR Engagement Scope
© 2009 Wipro Ltd - Confidential9
Engagement Approach & Methodology
© 2009 Wipro Ltd - Confidential10 © 2009 Wipro Ltd - Confidential10
o Core team meet Business Stakeholders to gain a
functional understanding of the application & IT owners
to understand
the technical architecture & setup at primary and DR
site. Key deliverables prepared during this phase were:o Application-wise Understanding Documents including application
& business inter-dependency diagramso Application-wise Asset Registers capturing details and criticality
of each application componento Application DR Gap Assessment Report covering gaps in each
application’s existing recovery capability
Understanding Current State
© 2009 Wipro Ltd - Confidential11 © 2009 Wipro Ltd - Confidential11
o Core team conducted Business Impact Analysis (BIA)
Exercise to identify the impact of disruption of each
application services on bank’s operations and Risk
Assessment Exercise to identify threats to existing
application setup with supporting mitigation strategies.
This was done using a structured questionnaire & risk
database. Key deliverables prepared during this phase
were:o Business Impact Analysis Modelo Application-wise business impact analysis report capturing
application RTO & RPO details with recovery priorities o Application-wise Risk Assessment Report with supporting risk
mitigation planso Datacenter P&E Risk Assessment Report
Understanding Business Impact & Risk Environment
© 2009 Wipro Ltd - Confidential12 © 2009 Wipro Ltd - Confidential12
o Multiple recovery option were presented coveringo Network level recovery & resumption strategieso Application recovery options at primary siteo Application replication options covering storage infrastructure setup
o Following solution aspects were covered for each
application recovery strategyo Overviewo Prerequisites, Assumptions & Limitationso Recovery Architecture for both full and partial disaster scenarioso Data Replication Strategyo Fall back and Resumption Strategyo Advantages with Implementation Strategy
o Detailed Run-books were prepared for each application
which provided step by step actions to undertake during a
recovery/resumption process
Developing Recovery Strategies
© 2009 Wipro Ltd - Confidential13 © 2009 Wipro Ltd - Confidential13
o A detailed DR Plan document was prepared which provided
the DR organization structure of the bank with team roles
and responsibilities. Key aspects covered in the DR Plan are:
o Plan scope, objectives & assumptions
o DR Recovery Organization with roles & responsibilities
o Disaster Classification & Activation Guidelines
o Incident Management Process
o Plan administration and maintenance guidelines
o Plan testing strategy and test guidelines
o Training
o Emergency procedures
o Evacuation Plans
o Supporting Recovery & Maintenance Templates
Designing DR Plan & Framework
© 2009 Wipro Ltd - Confidential14 © 2009 Wipro Ltd - Confidential14
o After Finalization of recovery strategies, different levels of
testing exercise from Table-top to live fail-over scenarios
were undertaken.
o Engagement concluded with training workshops to DR team
members which included areas like
o IT-DR Framework
o Team & Individuals Roles & Responsibilities
o Disaster Classification & Plan Activation Guidelines
o Recovery & Resumption process
o Sustenance activities to be conducted
o Do’s & Dont’s
Testing & Training
© 2009 Wipro Ltd - Confidential15 © 2009 Wipro Ltd - Confidential15
Current IT-DR Sustenance Activities
© 2009 Wipro Ltd - Confidential16
Benefits
© 2009 Wipro Ltd - Confidential17 © 2009 Wipro Ltd - Confidential17
Benefitso Clear recommendations with respect to workable DR
failover and fallback strategies in line with the aggressive
growth plans of the bank
o Data replications options for different types of storage
devices
o Prioritization of critical applications for recovery at DR site
in case of full scale disaster scenario
o Established technical capability to recover its critical
banking operations in an event of a disaster or
contingency.
© 2009 Wipro Ltd - Confidential18 © 2009 Wipro Ltd - Confidential18
Benefitso Documented procedures to recover from disaster, thus
eliminating people dependency
o Bank has a comprehensive IT-BCP Framework, which is in
compliance with RBI regulatory requirements and COBIT
framework.
o Tested Crisis Management Plan to respond to unforeseen
events and ensure employee safety.
o IT recovery strategy helps bank meet its primary goals of
market leadership, customer services, and business
excellence
© 2009 Wipro Ltd - Confidential
Thank You
Deepak K Mudalgikar
Vice President – IT, HDFC Bank Ltd
E-mail: [email protected]