Commercial Bank is going to implement e-Banking system with 24×7 service. The bank needs to develop and implement information technology infrastructure mainly focusing on data center and disaster recovery center. It is also planning to implement ERP system. You are hired as the ICT expert for this project. Based on the above scenario, answer the following questions.
a) Discuss the recovery plan for new information system of this Bank.
b) How to implement an ERP in this Bank? What are the characteristics of ERP?
c) What are the key points to be taken into account while conducting a disaster recovery testing policy for disaster recovery center of this Bank?
Answers No 30
a) Disaster Recovery Plan (DRP) is to restore the operability of systems that support mission- critical and critical business processes. The objective is for the organization to return to normal operations as soon as possible. Since many mission-critical and critical business processes depend on a technology infrastructure consisting of applications, data, and IT hardware, the DRP should be an IT focused plan. Every organization should develop a Disaster Recovery Plan for all applications. Restoration of systems does not necessarily imply technology redundancy. The DRP may call for some procedures to be completed manually. The decision to revert to manual procedures, rather than to build and maintain an IT infrastructure is a cost- driven decision made the organization. Having a DRP in place reduces the risk that the duration of disruption in a business process does not go beyond what has been determined to be acceptable management in the organization. During the recovery phase, the focus is on establishing controls over occurring events to limit the risk of any additional losses.
This DRP is common to all systems and utilizes the following six steps:
• Develop the Business Contingency Planning Policy and Business Process
• Conduct a Risk Assessment
• Conduct the Business Impact Analysis (BIA)
• Develop Business Continuity and Recovery Strategies
• Conduct awareness, testing, and training of the DRP
• Conduct Disaster Recovery Plan maintenance and exercise
b) An ERP solution provides the core information system functions for the entire business. But usually an organization must redesign its business processes to fully exploit and use an ERP solution. Most organizations must still supplement the ERP solution with custom software applications to fulfill business requirements that are unique to the industry or business. For most organizations, an ERP implementation and integration represents the single largest information system project ever undertaken the organization. It can cost tens of millions of dollars and require a small army of managers, users, analysts, technical specialists, programmers, and consultants.
ERP applications are significant to systems analysts for several reasons. First, systems analysts may be involved in the decision to select and purchase an ERP solution. Second, and more common, systems analysts are frequently involved in the customization of the ERP solution, as well as the redesign of business processes to use the ERP solution. Third, if custom-built applications are to be developed within an organization that uses an ERP core solution, the ERP system‘s architecture significantly impacts the analysis and design of the custom application that must coexist and interoperate with the ERP system
ERP systems have following characteristics:
• ERP systems integrate the various processes in the organization.
• ERP systems use an enterprise-wide database which stores each data only once
• ERP systems allow access to the data in real time
• ERP systems support multiple currencies and languages.
• ERP system are flexible to accommodate the changing needs of an enterprise
• ERP has many features like security, authorization, referencing, responsibility and implementation of the business rules.
• ERP usage can be controlled at all levels such as the data, transaction, information and analysis level.
• In ERP systems, information is often recorded in a form that cannot be read without the use of computer.
• It is difficult to make changes after an ERP system has been implemented.
c) The key points of disaster recovery testing policy are as follows:
1. Secure management approval and funding for the test.
2. Provide detailed information about the test.
3. Make sure the entire test team is available on the planned test date.
4. Ensure the test does not conflict with other scheduled tests or activities.
5. Confirm test scripts are correct.
6. Verify that the test environment is ready.
7. Schedule a dry run of the test.
8. Be ready to halt the test if needed.
9. Have a scribe take notes.
10. Complete an after-action report about what worked and what failed.
11. Use the results from the test to update the DR plan.