The continuity of the company’s business processes is one of the most important tasks of NSD’s management.
In accordance with NSD’s mission and operational model, the business continuity management system (BCMS) covers all of NSD’s key business areas:
- Central Securities Depository;
- Payment System;
- Tri-party Services; and
- Information Center.
To meet the business continuity objectives, NSD applies the most recent methodologies developed by internationally recognized organizations and best practices, both foreign and domestic. The principal standard NSD seeks to follow in developing the BCMS is ISO 22301:2012 (Societal security — Business continuity management systems — Requirements).
The work aimed at ensuring the reliability of critical processes is systematic and consistent. Business continuity management is supported by NSD’s senior executives (with the Chairman of the Executive Board being in charge), and necessary resources are being allocated to ensure the proper security of business processes. A designated business unit responsible for ensuring business continuity, the Business Continuity Service (BCS), is established within NSD, the personnel of which take training on a regular basis at relevant training organizations.
The high-level document that describes the key approaches to the BCMS is the Business Continuity Policy updated at least on an annual basis or more frequently, to reflect significant changes in NSD’s organizational and staff structure or business processes.
The key business continuity objectives include:
- ensuring NSD’s ability to meet its obligations to clients and partners, and prevention of disruption of NSD’s day-to-day operations;
- ensuring that all business continuity methods meet the applicable requirements of Russian state authorities, laws and regulations, and NSD’s policies, procedures, and plans;
- mitigation of consequences resulting from disruption of NSD’s day-to-day operations (including financial losses, loss of data, and loss of reputation);
- in the event of an emergency, restoration of NSD’s business processes within the prescribed time limits;
- determining a list of NSD’s critical processes;
- maintaining the level of management at NSD, which allows for making reasonable and optimal management decisions and their timely and full implementation; and
- ensuring favorable work and safety conditions for NSD’s employees, and safe environment for NSD’s visitors.
NSD has in place adequate backup infrastructure (the backup site and backup data center) that meets all of the requirements applicable to such facilities.
Since mid-2014, the backup site has been operating as a “hot site” (with some of the staff of critical business units working at the backup site on a continuous basis). The backup site is designed to accommodate NSD’s critically necessary staff (20% of the total headcount) and is capable to be used for running the key business processes. The backup site is located five kilometers from the main site. Redundant technical infrastructure, and power suppliers and telecommunications service providers different from those providing services to the main site, mitigate technology-related risks faced by the main site.
The backup data center is located 16 kilometers from the main site. Both the main and backup data centers are subject to more stringent requirements that are based on the recommendations of the Uptime Institute (USA) laid down in the document “Data Center Site Infrastructure Tier Standard: Topology”.
The main and backup sites are supplied with power independently from each other. Their power supply systems use uninterruptible power sources and diesel generators programmed for automatic operation with the possibility of being manually operated, which are designed to provide emergency power to NSD. The available amount of fuel allows for the operation of diesel generators for eight hours, and thanks to an agreement with a supplier for prompt fuel deliveries self-contained power generation at NSD is ensured for an indefinite period of time. Monthly maintenance of uninterruptible power sources and diesel generators, and test runs of diesel generators in automatic and manual modes secure the availability and reliability of NSD’s uninterrupted power supply system.
NSD has in place Business Continuity and Disaster Recovery Plans tested, reviewed, and updated on a continuous basis, and implements various processes aimed at mitigating unusual threats (e.g., the Epidemiological Risk Response Plan).
In addition, NSD runs tests of all elements of the BCMS on an annual basis, in particular:
- testing of IT systems and technical infrastructure of the backup site (backup site availability testing);
- testing of diesel generators’ automatic operation and testing of the automatic transfer switch designed to switch to accumulators;
- testing of the restoration of IT systems from backup server rooms/data centers; and
- testing of the interaction between Moscow Exchange Group companies in the event of emergencies.
Test results demonstrate NSD’s high reliability as a settlement depository.
To ensure failure-free operation of NSD’s IT systems, prevent loss of data, and secure high availability in the event of hardware or software failure, or in the event of emergencies, NSD’s IT systems are geographically redundant and interconnected with the use of dedicated communication lines.
NSD pays special attention to communication procedures to be used in the event of emergencies, which are tested on a regular basis. In the course of trainings arranged on non-business days, we test processes of cascade telephone alerting of NSD’s employees.
As part of the measures aimed at improving the BCMS, we assess the business continuity procedures in order to determine their suitability, adequacy, and effectiveness. Such assessment is made on the basis of the measures taken and test and training results. External auditors are engaged by NSD to assess whether the BCMS meets the best practices in the area of business continuity.