Type here the title of your presentation

Download Report

Transcript Type here the title of your presentation 

Risk and Business
Continuity at SWIFT
Harry Newman
Budapest 14 November 2007
Risk and Business Continuity
Slide 1
Risk and Business Continuity
 Community
ownership, governance, and
involvement in business continuity planning
 Technical
and operational excellence
 Assurance
and transparency
Risk and Business Continuity
Slide 2
Governance and Oversight
Oversight
National Bank of Belgium (lead overseer)
and G-10 central banks
Governance
Board
Board committees
National groups
User groups
SWIFT
community
Risk and Business Continuity
Slide 3
Risk and Business Continuity
 Community
ownership, governance, and
involvement in business continuity planning
 Technical
and operational excellence
 Assurance
and transparency
Risk and Business Continuity
Slide 4
Building the resilient financial infrastructure
A co-ordinated approach
SWIFT actions
 Service
continuity
improvements
 Crisis
Crisis mgmt
security procedures
and enhanced vetting
Service continuity
 Staff
People
cyber security and
hardened physical security
Security
 Stronger
management
Risk and Business Continuity
Slide 5
Security evolution of SWIFT services
1977
Members/
Messages
239/
15 million
1991
1995
430/
365 million
5,272/
604 million
1996
2003
2007
5,511/
7,527/
688 million 2048 million
Relationship
Management
BK Paper
BK Disc
Message
Authentication
BK Paper
BK Disc
PKI Keys Disc
Encryption
STEN
Access Control
Cylink
ICC Cards / Card Reader
RMA
PKI HSM
VPN Box
PKI HSM
Increased Security
Risk and Business Continuity
Slide 6
Resilience
Customer OPCs
Networks
Access
networks
SWIFT OPCs
SWIFT’s
backbone
network
Customer
Resilience across all dimensions
Risk and Business Continuity
Slide 7
Customer OPCs
Networks
Access
networks
Customer resilience
SWIFT OPCs
SWIFT’s
backbone
network
SWIFTSupport Enhanced for 108 Critical Customers
sending 75% of global traffic on SWIFTNet
 Mandate highest customer resilience
 Service managers perform system
and process health-checks
 Command centre handles crisis and
enforces post-incident improvement
actions
Dual sites
Single leased lines
Dual sites
and components
Dual sites, components
and Network Partners
SWIFT’s
backbone
network
Single site
SWIFT’s
backbone
network
Risk and Business Continuity
Slide 8
Resilient IP Access Network







Multi-vendor IP network managed by SWIFT
Risk spread across multiple networks
(AT&T, COLT, Equant, BT Infonet)
6 Backbone Access Points globally for Network
Partners to connect to Swift
Customers multiply connected to Swift
Secure VPN overlay network
Managed service
critical customers are
24x7 monitoring
encouraged to use
multiple network partners
Risk and Business Continuity
Slide 9
Swift Backbone Network




Global backbone network
Interconnect Swift’s OPCs and Backbone Access
Points
Designed for Dual Point of Failure (DPOF) resilience
– Resilience is built into both the backbone and the
networks carried over it
– Full capacity for main message flow under dual
failure conditions
Multiple carrier trunks using separate cables
– Routing of circuits dealt with to the road level to
avoid common points of failure for different
carriers
Risk and Business Continuity
Slide 10
Customer OPCs
SWIFT OPC resilience
Networks
Access
networks
SWIFT OPCs
SWIFT’s
backbone
network
Layer 1
Day to day resiliency. Multiple connections,
protected sites, built in backup within Operating Centres
Layer 2
Intercontinental backup in 30 minutes in the
unlikely event layer 1 fails
Layer 3
Disaster Recovery Infrastructure
for the extreme case where layer 2 is not enough
Risk and Business Continuity
Slide 11
Crisis management to the next level
SC3 - SWIFT Crisis Co-ordination and Communication
COMMAND
CENTRE
EURO
SC3
SECRETARIAT
US DOLLAR
SC3
JAPANESE
YEN
Risk and Business Continuity
Updates
SWIFT OPS
UK POUND
SWISS
FRANC
SWIFT Crisis
Management
+
OPC(s) resilience
and recovery
Slide 12
Customer support – 24 x 7 x 365
Risk and Business Continuity
Americas
EMEA
Asia Pacific
Slide 13
FNAO culture at SWIFT
Prevent
Plan
Incidents
Learn
Manage
Failure Is Not An Option
Risk and Business Continuity
Slide 14
Recent history of availability results
2007 YTD
Results *
2006
Result
2005
Result
2004
Result
FIN Core Service
99.976%
99.996%
99.999%
99.994%
SWIFTNet Core Service
99.992%
100%
99.999%
99.994%
Note: During this period, SWIFT resilience prevented availability impact from any natural
disasters, including the Taiwan earthquake in December 2006 that caused significant
problems for other service providers in Asia.
* Reflects YTD results through May 2007
Risk and Business Continuity
Slide 15
Risk and Business Continuity
 Community
ownership, governance, and
involvement in business continuity planning
 Technical
and operational excellence
 Assurance
and transparency
Risk and Business Continuity
Slide 16
Assurance and transparency
Providing greater assurance – SAS 70
Risk and Business Continuity
Slide 17
SWIFT’s on going commitment
Our vision is to be global financial community's foremost
messaging infrastructure that is lowest risk and highest
resilience
Risk and Business Continuity
Slide 18