Understanding the lingo of disaster recovery and business continuity planning is essential to ensuring a firm is fully knowledgeable during the planning process and prepared should an incident occur. Here at Eze Castle Integration we are regularly defining key DR terms for our hedge fund clients. Since we fancy ourselves experts on all things hedge fund DR related, we have have developed this handy list of common DR definitions.
A component of Disaster Recovery that deals with the restoration of business system software and data, after the operating system environment has been restored or replaced.
A system of planning for, recovering and maintaining both the IT and business environments within an organization regardless of the type of interruption. In addition to the IT infrastructure, it covers people, facilities, workplaces, equipment, business processes, and more.
An often overlooked, but critical component of disaster recovery (DR) solutions is testing. In an interview with HFMWeek, Bob Guilbert touched upon the topic of DR testing. In the discussion, Bob noted that “the best approach that funds can take to ensure an effective disaster recovery system is to test them periodically.” Lisa Smith, a Certified Business Continuity Planner here at Eze Castle, also echoes this advice in her conversations regarding inclement weather business continuity planning.
If regular testing is a critical component of an effective DR solution, why do many firms fail to do so? In working on the Eze Disaster Recovery team for several years, I have heard a variety of reasons from clients as to why this is the case. The most common reasons include:
a lack of time to commit to DR testing;
a lack of understanding as to how to go about testing their solutions;
and a belief that testing could hinder normal business operations, and is therefore too risky for the firm.
In the fast-paced, volatile world of financial services, constantly maintaining normal business operations is crucial – even in the event of an unexpected disaster. Even just a few moments of downtime could be extremely costly, so it is essential that firms implement sound business continuity procedures.
Since we frequently work with our hedge fund and alternative investment clients on developing comprehensive business continuity plans (BCPs), we feel it is important to review and test our own BCP procedures on a regular basis to ensure they will meet our most current business needs in the event of a disaster. To this end, Lisa Smith - one of our certified business continuity professionals - and her team recently conducted a BCP table top exercise with our management team here at Eze Castle. After this successful meeting, we thought it would be valuable to share some insights on the BCP table top exercise process with our readers to spotlight the importance of this activity.
Many building tenants have a daily interaction with their building’s management. The interaction may be a friendly “good morning” or “goodnight”. Perhaps you’re on a first name basis with some of the front desk employees. Typically, that is where the relationship ends, and if so, that can potentially lead to some issues in the future.
Being able to quickly communicate and respond in the case of an emergency or interruption can make a big difference to building management and tenants alike. Additionally, having each other’s contact information can be extremely helpful during regular business hours, as well as, off-hours or holidays and weekends.
During regular business hours, building management has several options to notify tenants. Depending on the type and severity of an emergency, facility management may choose to utilize passive notification, such as email, or they may use more aggressive notification like public announcement (PA) systems or alarms. While alarms and PAs might help grab the attention of tenants, they aren’t the most effective tools to communicate long or detailed messages. Even planned drills, such as fire drills during regular business hours, are not fool-proof. During this commotion, it may be difficult to locate members of building management and even harder to efficiently communicate.
We’re in Hurricane Season so let’s look at some best practices to ensure you and your employees are prepared for the unexpected. Remember, these four Eze Tech Tips are great for the next Snowmageddon too.
Want more Disaster Recovery Tech Tips?
Here are your options:
Business continuity planning. Disaster recovery. BCP. DR. You know the terms. You know investors are looking for them. But do you know what the real differences are between them?
Business Continuity Planning and Disaster Recovery have the same goal: to implement procedures that will enable a business to recover in the event of a disaster or disruption. But each has its own focus. Business Continuity Planning revolves around people. A hedge fund business continuity plan should identify the steps necessary to get operations up and running as it relates to business functions and personnel. BCP plans usually identify mission-critical services, communication strategies, employee recovery procedures and training methods.
Disaster Recovery Planning is directly related to the technology and infrastructure that supports business operations. In developing a disaster recovery strategy, hedge funds typically examine what applications and services they have in production and which ones are mission-critical. File shares, email, accounting and trading applications and voice capabilities are often the first that come to mind, but firms should evaluate which are most essential to them. The two most important factors associated with disaster recovery planning are the recovery point objective (RPO) and the recovery time objective (RTO).
Back on July 8th of this year, the New York Stock Exchange (NYSE) experienced a temporary outage and proactively suspended trading. In many ways, the NYSE acted swiftly and responsibly when they noticed that there was a technical issue with its trading platform. The NYSE realized quickly that traders would not be able to reliably trade and ultimately decided to suspend trading across the market until full functionality could be restored. In total, NYSE trading was suspended for nearly four hours.
Although the overall impact of the downtime was minimal in the grand scheme, had this event impacted the public market data feed which traders and investors use to access critical information on public markets, the impact would have been more severe. Even still, there are some takeaways from this event. A positive: the success of the SEC Regulation NMS implementation. A negative: critique of the initial communications from the NYSE. Let’s examine these a little closer.
A Win for SEC Regulation NMS
The technical issues that caused the NYSE to suspend operations on July 8th occurred as the result of a new software rollout. All open orders at the time were canceled. Most investors were able to continue trading utilizing one or several of the 11 other Exchanges or 40+ dark pools to execute trades. A recent Wall Street Journal article1 indicated that as of 2005, 80% of the trades conducted across the U.S. stock market were via the NYSE. That figure currently stands at about 20%, in part because of a 2007 regulation commissioned by the SEC called Regulation NMS (national market system). This rule, enacted in 2007, allows for orders to be directed to the exchange that quotes the best price. It also reduces transaction fees for investors as a result of increased competition. Therefore, there is fortunately redundancy and flexibility for traders if a single or multiple markets are experiencing downtime. Had July’s technical glitch taken place a decade earlier when the majority of US stock trades were executed on the NYSE, the impact would have been more severe.
As summer officially approaches its halfway point, we at Eze Castle Integration hope that everyone is enjoying the beautiful weather. We also want to take this opportunity to remind folks to be mindful that your firm can still be vulnerable, even when the weather is warm and sunny. With heat and humidity rising, power usage is increased to keep offices cool, leaving firms susceptible to power outages. Additionally, with employee vacations prevalent during the summer and offices less crowded, there are fewer gatekeepers protecting your firm from social engineering threats and hackers. Let’s examine some of these factors a little more closely and offer some business continuity and security tips to keep your firm running at full speed in the summer heat.
Impact of the Heat: Power Outages
You are sitting at your desk and recording sensitive information for one of your clients, when all of a sudden your screen goes black, and the office is completely dark. Your firm has experienced a power outage caused by increased usage during the summer months, and you are not sure if your information and technology is protected.
The months of July, August and September are considered the “blackout season” as major cities use the most power during these months, leaving them susceptible to power outages. According to the Energy Information Administration, electrical power outages, surges and spikes in usage bring about more than $150 billion in annual damages to the U.S. economy.1
Did you know that the average cost of a data breach is $3.8 million? Or, that the consolidated average cost incurred for each record of lost or stolen sensitive and confidential information has increased six percent (6%) since 2013 from $145 to $154? A recent study of 350 companies spanning 11 countries reported the aforementioned statistics, representing a twenty-three percent (23%) increase in data breach consolidated costs.
If communicating to your employees, investors, vendors, and partners is important on a daily basis, then ensuring effective communication during a disaster or disruption should be a priority, too. There are many reasons why it may be advantageous for a firm to consider utilizing an Emergency Notification System (ENS) in order to ensure that internal and external parties are kept informed and updated. Traditional calling trees are cumbersome and time consuming, and emails -- especially outside of business hours -- can often be overlooked. Today, notifications systems can quickly and effectively send messages using a variety of delivery methods. It’s no wonder many companies large and small are moving to these kinds of systems. However, finding the right system requires some thought and planning. This article will cover some items firms may want to consider when shopping for a notification system.
Does the system require on site hardware or is it hosted online or a hybrid of the two?
On Site: This option is rarely utilized, and it means that hardware/software will have to be added locally to the firm’s infrastructure to sync up with the system. Depending on the current IT set up, firms may want to discuss this option with their IT administrator or provider to ensure it is feasible. This option can be vulnerable if there are local issues affecting the firm’s office because it will most likely also affect the notification system.