2. Alternate locations: To hot site, or not to hot site?
A DR strategy should include remote access to a DR environment that replicates a firm’s primary environment and enables employees to remain operational and productive in the event of an outage. For most, a physical hot site location is not necessary; however, some firms are most comfortable having their teams all in one place to continue critical business functions, such as trading.
3. Remote access technology
There are three commonly used technologies for remote access: virtual private network (VPN), Citrix and Outlook Web Access (OWA).
VPN technologies work by connecting a remote computer to a user’s primary computer, allowing someone to “remote desktop” and run all of the applications that live on his work computer’s server.
With a Citrix server, you can log into a website via any computer and get access to the applications that live on the Citrix server in your office.
For those who use Microsoft Outlook for email, Outlook Web App (OWA) provides Web access to email, contacts and calendars.
Whichever remote access technology or combination of technologies a firm decides to employ, the key is ensuring employees know how to properly use them and test them prior to a disaster.
Another consideration to keep in mind is licensing of remote access technology. SSL VPN and Citrix are both licensed by concurrent users, so as your firm adds new employees and users, remember to add licenses accordingly. Unfortunately, some firms don’t realize they need more licenses until a disaster hits and employees are unable to connect.
4. Communication plans
Communication is vital during a disaster or incident. As part of the BC planning process, firms should outline procedures for communicating with employees as well as external business partners (e.g., regulators, exchanges, emergency officials, etc.). They must also identify the individuals within the organization (names and titles) who are responsible for initiating the emergency procedures outlined in the BC planning.
For employee communications, be prepared to outline work expectations and how information will be disseminated. For partners, know how to reach them and set guidelines on the frequency with which they can expect updates on post-recovery status.
5. Review and testing
Testing is an essential component of any effective DR and BC planning strategy and should include systems as well as employees. As part of the process, firms should conduct a full BC planning test at least annually to validate that critical functions can operate regardless of location. Employees should also complete annual BC planning training.
In addition to training, employees should validate that they can work remotely and access the systems necessary to continue their functions. Firms should also ensure their infrastructure can accommodate telecommuting for all employees.
6. Looking at service providers
Just as regulators are reviewing the contingency plans of investment firms, you too should understand the precautions your service providers have in place. Ask to review their disaster recovery and business continuity plans as well as corporate policies around information security.
Mary Beth Hamilton is vice president of marketing for Eze Castle Integration.