slide1 n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Pakistan PowerPoint Presentation
Download Presentation
Pakistan

Loading in 2 Seconds...

play fullscreen
1 / 17

Pakistan - PowerPoint PPT Presentation


  • 174 Views
  • Uploaded on

Pakistan. BCP Preparedness for City Violence. Tariq Mahmood, Chief Security Officer. July 4, 2007. Pakistan. agenda. 1. A Brief Intro & the Situation. 2. CDC Preparedness. 3. Lessons Learnt. 4. Any Queries. A Brief Intro & the Situation. Pakistan.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Pakistan' - butch


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

Pakistan

BCP Preparedness for City Violence

Tariq Mahmood, Chief Security Officer

July 4, 2007

slide2

Pakistan

agenda

1

A Brief Intro & the Situation

2

CDC Preparedness

3

Lessons Learnt

4

Any Queries

cdc pakistan a brief intro figures as on may 31 2007
CDC Pakistan – A Brief Intro (Figures as on May 31, 2007)
  • Number of employees 375
  • CDS live securities 655
  • Participants / Account Holders 534
  • Eligible Pledgees 102
  • Number of shares available in CDS 44.73 Billion
  • Market Capitalization of Shares US $ 30.93 Billion
  • Share Holder’s Equity US $ 17.92 Million
  • Total Assets US $ 21.84 Million
  • Total Revenue US $ 12.36 Million
  • Profit after Tax US $ 3.94 Million
situation
Situation
  • May 12, 2007: A Saturday – Though a full working day but only 50% of the staff attend offices while remaining take off
  • All three Stock Exchanges are closed on Saturday but some of the stock brokers do attend their offices to perform back office work; Banks and Issuers/RTAs are open but mostly for half day only
  • Normally there is only 10% of the business of Mon – Fri. for CDC
  • Blockage in access to offices & other commercial areas was expected due to various political rallies planned that day
  • Violence with that severity was not predictable; CDC called only most essential staff to attend office with arrangements for their stay at hotel
  • No usual traffic in the city – Airport, Railway Stations, public transport affected
  • All utilities were available – Mobile, Telephone, Electricity, Networking etc.
  • Business Centers / Shops remained closed
  • Three offices of CDC in Karachi were operational though at lower scale and provided services to customers till first half of the day only. The CDS was available full day.
  • CDC offices in other cities provided full services
slide6

Pakistan

CDC Preparedness

cdc preparedness introduction
CDC Preparedness - Introduction
  • CDC established DR Site in same city in 2000
  • CDC developed its first DR Plan in 2000
  • Mock DR Drills of different levels were conducted in 2001, 2004, 2005 and 2006
  • BCP of critical business functions was added in the revised DRP in 2006
  • IBM Global Consulting was assigned to develop a comprehensive BCP covering all business functions in Oct 2006
  • Several planning meetings and staff awareness presentations were conducted
  • All business functions prepared their draft BCP by April 2007
  • Table Top tests were conducted to improve BCP
  • Draft BCP of entire CDC was completed in May 2007
  • Following few slides present some of the aspects of the methodology, standards and processes used in the preparation of this BCP
major threats
Major Threats

City Violence

Illogical processing

Invalid translation of user needs (technical requirements)

Inability to control technology

Equipment failure

Incorrect entry of data

Concentration of data

Inability to react quickly

Inability to substantiate processing

Concentration of responsibilities

Erroneous/falsified data

Misuse of administrative authorities

  • Unauthorized access
  • Hardware failure
  • Utility failure
  • Natural disasters
  • Loss of key personnel
  • Human errors
  • Neighborhood hazards
  • Tampering
  • Disgruntled employees
  • Risk of Employees Safety
  • Improper use of technology
  • Repetition of errors
  • Cascading of errors
slide9
Result: CDC targets to become a leading-edge predictive organization

CDC decided to develop a predictive model that will enable CDC to preemptively recognize and successfully respond to a threat before it becomes a crisis

Infinite

Events

Resiliency Planning

Finite

Internal

& External

Impacts

Major Effects

People

Processes

Technology

Infrastructure

Applications

Databases

Partners

Market

Economic

Prioritized Ranking of Threats

Review of Existing Plans

Threat Reduction Controls

Gap Analysis

Development & Testing of Resiliency Plans

Physical, Personnel, Information, Reputation, Participants, Economic, Public and Private Infrastructure Impacts

cdc emergency disaster escalation paths
CDC Emergency / Disaster Escalation paths

.

Request of

Civic and

Request of

Civic and

Vendor Services

Vendor Services

Alarm

Notification

Notification

of Losses to

of Losses to

Insurance Co.

Insurance Co.

Secure

Secure

Damaged Site.

Damaged Site.

Detection

IT Recovery

Alarm

IT Recovery

Procedures for

Procedures for

Critical LAN's

Critical LAN's

IT Recovery

Critical

Procedures for

Workplaces

NonCritical LAN's

Recovery

Damage

Assessment

Help Desk

Workplaces

Resumption

Support Service

Recovery

Procedure Select.

Recovery

Help Desk

DR Committee

Support Service

Convocation

Communication to

Recovery

CDC's personnel

Comm. to

Communication to

Declaration ?

Emergency

Disaster

Media, suppliers,

CDC's personnel

customers

Comm. to

Media, suppliers,

Repair

Problem

customers

Damaged Assets

Repair

End

Damaged Assets

.

cdc business continuity teams
CDC Business Continuity Teams

Business Continuity Plan Team Organization

Disaster Recovery

Manager

IT Disaster Recovery

Coordinator

Secretariat Support

Disaster Recovery

Committee

Administration

Assessment Team

IT System Engineers

Support Team

Team

Enterprise

Surveillance Team

Telco Engineers Team

Security Support Team

Technical Support

Equipment and

IT Operations Team

Team

Facilities Team

Application / Technical

Help Desk Support

Support Team

Team

design criteria 1 basic business continuity plan
Design Criteria-1: Basic Business Continuity Plan

DR Site

KSE

relocation

CDC House

relocation

Takeover

relocation

Takeover

Branches

Alert

Zero hours

8 hours ?

2 hours ??

Emergency

Problem

Disaster

E S C A L A T I O N & D E C L A R A T I O N P L A N

design criteria 2 pre staged and out of region recovery
Design Criteria-2: Pre-Staged and Out of Region Recovery

DR Site

Pre-staged Staff & Technology

Data Integrity

Workload Rotation

Remote Site

CDC House

IT High Availability

Alternate replication link

Data Integrity

Primary replication link

Pre-staged Staff & Technology

Pre-staged Staff & Technology

Takeover

Takeover

Branches

Alert

Zero hours

  • 8 hours
  • 2 hours

Emergency

Problem

Disaster

E S C A L A T I O N & D E C L A R A T I O N P L A N

lessons learnt

Lessons Learnt

Pakistan

July 4, 2007

lessons learnt1
Lessons Learnt
  • People issues are paramount
    • Impact of location of employees; their safety, morale and cross training is important
  • Communications strategies
    • Although communications systems were available, however these may be affected; To consider multiple business recovery hotlines, Telecommuting, Business Continuity Website
  • Third-party contracts without continuity requirements
    • Although it was a one day situation, however if it was a longer duration, service providers and suppliers recoverability capabilities could pose problems; To ensure they got adequate business continuity plans
  • Improved focus on resiliency and investment in continuous availability strategies
    • To continue emphasis on business processes’ resiliency, investment in fault tolerant systems, data storage and network redundancy and to consider improved insurance coverage
  • Non-critical technology more important than anticipated
    • Although CDC was able to continue its data center operations, however it need to consider that worst case scenarios can become reality and it should prepare for that. To consider virtual office strategies.
slide16
Let’s acknowledge that Business Continuity is a process and people design, not only a technology design ……

Technology

Hardware and software capabilities

40%

ProcessDefinition/design, compliance and continuous improvement

PeopleRoles & responsibilities, management, skills development & discipline

60%

any queries

Any Queries ?

Pakistan

July 4, 2007