Search
Close this search box.

Simplifying Operational Resilience in the Financial Sector.

The Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) respective policy statements PS21/3 & PS6/21 published in March 2021 established the frameworks for relevant firms within the financial sector to implement measures that would ensure Operational Resilience for important business services. The practical implications of achieving compliance with these directives present far-reaching obligations for applicable firms and prescribe a significant investment in planning, processes, and technologies. At the highest level the directives required firms to operationalize the following fundamental parameters during the period from March 2021 to March 2022.

  • Set customer, firm, and market impact tolerances for important business services in severe but plausible scenarios. Impact tolerance: means the maximum tolerable level of disruption to an important business service, including the maximum tolerable duration of a disruption.
  • Map processes and underlying resources to important business services.
  • Identify important business services and document the necessary processes, people, facilities, technology, and other resources required to deliver the important business services.

March 2022 onwards marks the transition period during which firms must set in place all measures required to be compliant with the directives when the policies come fully into force in March 2025

Setting impact tolerances, scenario testing and self-assessment reporting.

Disaster recovery (DR) planning, testing, and reporting are core components of achieving operational resilience and these functions map directly into the policy tasks of setting impact tolerances, scenario testing and self-assessment reporting. Cristie Software system recovery and replication solutions can simplify these tasks significantly through the recovery automation, orchestration, and reporting features of our products.

Cristie Software BMR Recovery can act standalone or as an extension to leading backup solutions.

Cristie bare machine recovery (BMR) software provides high performance system recovery as a standalone solution or as an extension to leading backup solutions from Dell EMC, IBM, Cohesity and Rubrik.

System Recovery, Orchestration, and Automation at scale.

Financial systems involve complex interdependent server and storage configurations that are built with redundancy to provide the utmost resilience. The deployment, maintenance, and protection of these systems presents specific challenges due to scale. For instance, a single service such as payments may be supported by thousands of server instances across multiple geographies for many financial firms. Recovery and replication solutions from Cristie Software offer several mechanisms to facilitate bulk server mapping and recovery:

  • Direct bulk system mapping through the Cristie Virtual Appliance (VA) and/or from CSV file import.
  • Optional bulk mapping and recovery actions using the Cristie SDK API based on the Swagger OpenAPI specification which can be used to generate an SDK client in the programming language of your choice.
  • The Cristie recovery boot environment can easily be incorporated with common Intelligent Platform Management Interface (IPMI) implementations such as iDRAC (Dell) and iLO (HP). For Out-of-Band (OOB) systems management we offer DMTF Redfish® client standard libraries to manage physical systems with the same level of automation available for virtual machines.

 

Recovery orchestration to facilitate tiered financial system recovery.

Within any financial services infrastructure there will be a system recovery hierarchy necessary to accommodate system interdependencies. Cristie Software can help facilitate tiered system recovery through the system recovery orchestration features provided within the VA. Orchestration tasks allow for detailed fine tuning of system recoveries and replications including reboots, post recovery scripts, manual tasks, plus customisable options for actions following any stage failures. Full details can be found in the VA-Orchestration Guide.

 

Scenario Testing with Cristie Software Recovery Simulation.

The PRA Supervisory Statement SS1/21 section 6 describes the expected scenario testing firms should undertake to ensure they can remain within impact tolerances for important business services. The nature and frequency of a firm’s testing should be proportionate to the potential impact that disruption could cause and whether the operational resources supporting an important business service have materially changed.

Recovery simulation can be scheduled within the VA to test recoveries of any supported Cristie BMR product backups. Recovery of selected machines can be simulated within a simulate recovery job. The recovery destination can be any physical, virtual or cloud target. With a simulation job created, and at least one recovery machine added to the job, the VA will continue to restore simulations indefinitely until either manually booted, the job is suspended, or the target machine is deleted. It is possible to add multiple simulation machines to the same job.

Simplifying and automating system recovery to dissimilar platforms.

The machines within a recovery job do not need to be the same platform type. If the recovery target is of dissimilar hardware to the source system, then Cristie’s Dissimilar HardWare (DHW) technology can be enabled which automatically provides a path to additional drivers that may be required to successfully boot the target system.

RPO/RTO testing and reporting with Cristie Software.

The machines within a recovery job do not need to be the same platform type. If the recovery target is of dissimilar hardware to the source system, then Cristie’s Dissimilar HardWare (DHW) technology can be enabled which automatically provides a path to additional drivers that may be required to successfully boot the target system.

In summary.

Although March 2025 may sound far off, regulators will expect incremental progress during the transition period, so firms should be prepared to demonstrate this when the next impact events occur. Cristie Software provides system recovery solutions designed for automated large scale system recovery orchestration with the ability to undertake detailed system recovery simulations to assist self-assessment and regulatory compliance. Contact our team to learn more about simplifying key aspects of infrastructure recovery to help meet the requirements of operational resilience legislation. Visit the CloneManager® and System Recovery product pages for more information regarding the Cristie Software suite of solutions for system recovery, replication, migration, and ransomware protection.

Contact Us

Thank you for contacting us. We have received your request.