In Brief

Disaster Practice

When the British government wanted to test the resiliency of its financial institutions, it commissioned 'an afternoon from hell.'

By Jeremy Kirk

March 01, 2006CSO

The buildup started on a Monday morning last November. First, there was a failure in the clearing systems used to transfer money between banks after routine systems maintenance. Then, terrorists staged a series of bomb attacks around Britain, causing hundreds of casualties in London and considerable damage to major financial centers. Around the same time, malicious hackers tried their best to break into the banks' systems.

All in all, 'twas was a bad day. The disaster recovery simulation was organized by the Tripartite Authorities, a group comprising the Financial Services Authority, the U.K. Treasury Department and the Bank of England.

Monitors from KPMG, a consultancy that created the scenario, watched from 14 sites around London as 80 companies and more than 3,000 participants worked to keep their staffs safe and their operations running.

Canary Wharf's To-Do List

> Broaden disaster testing with telco providers.

> Test staff arrangements in crisis plans.

> Explore switching to overseas operations.

source: Financial Services Authority (www.fsc.gov.uk)

The goal was to create a situation that appeared realistic, to show how the police and other government agencies would react, says Rick Cudworth, a KPMG partner who heads Business Continuity Services. So actors on a closed-circuit TV channel broadcast "news." A secure website presented crisis updates for participants to monitor developments, says Rob McIvor, head of media relations for the Financial Services Authority.

For HSBC Bank and others in the Canary Wharf financial district, the scenario included a special wrinkle: Dangerous hazards prompted police to prohibit access to the area. This prevented HSBC employees from accessing the bank's contingency site, says Neil Brazil, press officer for the bank. After the exercise, the bank began to work with police to refine emergency plans, he says. Brazil says HSBC weathered the scenario "without any of our customers experiencing any problems."

This was the second year that such an exercise has been held in London, with approximately 45 more companies participating than in 2004. It is one of several initiatives by the Tripartite Authorities to bolster the finance industry's contingency plansbegun before terrorists struck London's subway and bus system last July. A report on November's exercise, with recommendations for businesses, is set to be released by early March, McIvor says.

If a report released by the Tripartite group in December is any indication, there will be many lessons. That survey, called the "Resilience Benchmarking Project," asked about 60 financial companies 1,000 questions and generated reports to show how businesses compared with their peers. Several participants described these questions "as a wake-up call in terms of improving business continuity teams' understanding of their firms' critical business functions," the report said.

$firstKeyword

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Security Directions: A Virtual Conference

Security Directions Available On Demand Sept. 30 - Dec. 30

Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.

» Register Now

WEBCAST
Protecting PII: How to Work with IT to Manage Risk

Compuware Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.

» View this Webcast

Featured Sponsors