The continuity of the company’s business processes is one of the most important tasks of NSD’s management.
In accordance with NSD’s mission and operational model, the business continuity management system (BCMS) covers all of NSD’s key business areas:
- Central Securities Depository;
- Payment System;
- Tri-party Services; and
- Information Center.
To meet the business continuity objectives, NSD applies the most recent methodologies developed by internationally recognized organizations and best practices, both foreign and domestic. The principal standard NSD seeks to follow in developing the BCMS is ISO 22301:2012 (Societal security — Business continuity management systems — Requirements).
The work aimed at ensuring the reliability of critical processes is systematic and consistent. Business continuity management is supported by NSD’s senior executives (with the Chairman of the Executive Board being in charge), and necessary resources are being allocated to ensure the proper security of business processes. A designated business unit responsible for ensuring business continuity, the Business Continuity Service (BCS), is established within NSD, the personnel of which take training on a regular basis at relevant training organizations.
The high-level document that describes the key approaches to the BCMS is the Business Continuity Policy updated at least on an annual basis or more frequently, to reflect significant changes in NSD’s organizational and staff structure or business processes.
The key business continuity objectives include:
- ensuring NSD’s ability to meet its obligations to clients and partners, and prevention of disruption of NSD’s day-to-day operations;
- ensuring that all business continuity methods meet the applicable requirements of Russian state authorities, laws and regulations, and NSD’s policies, procedures, and plans;
- mitigation of consequences resulting from disruption of NSD’s day-to-day operations (including financial losses, loss of data, and loss of reputation);
- in the event of an emergency, restoration of NSD’s business processes within the prescribed time limits;
- determining a list of NSD’s critical processes;
- maintaining the level of management at NSD, which allows for making reasonable and optimal management decisions and their timely and full implementation; and
- ensuring favorable work and safety conditions for NSD’s employees, and safe environment for NSD’s visitors.
NSD has in place adequate backup infrastructure (the backup site and backup data center) that meets all of the requirements applicable to such facilities.
Since mid-2014, the backup site has been operating as a “hot site” (with some of the staff of critical business units working at the backup site on a continuous basis). The backup site is designed to accommodate NSD’s critically necessary staff (20% of the total headcount) and is capable to be used for running the key business processes. The backup site is located five kilometers from the main site. Redundant technical infrastructure, and power suppliers and telecommunications service providers different from those providing services to the main site, mitigate technology-related risks faced by the main site.
The backup data center is located 16 kilometers from the main site. Both the main and backup data centers are subject to more stringent requirements that are based on the recommendations of the Uptime Institute (USA) laid down in the document “Data Center Site Infrastructure Tier Standard: Topology”.
The main and backup sites are supplied with power independently from each other. Their power supply systems use uninterruptible power sources and diesel generators programmed for automatic operation with the possibility of being manually operated, which are designed to provide emergency power to NSD. The available amount of fuel allows for the operation of diesel generators for eight hours, and thanks to an agreement with a supplier for prompt fuel deliveries self-contained power generation at NSD is ensured for an indefinite period of time. Monthly maintenance of uninterruptible power sources and diesel generators, and test runs of diesel generators in automatic and manual modes secure the availability and reliability of NSD’s uninterrupted power supply system.
NSD has in place Business Continuity and Disaster Recovery Plans tested, reviewed, and updated on a continuous basis, and implements various processes aimed at mitigating unusual threats (e.g., the Epidemiological Risk Response Plan).
In addition, NSD runs tests of all elements of the BCMS on an annual basis, in particular:
- testing of IT systems and technical infrastructure of the backup site (backup site availability testing);
- testing of diesel generators’ automatic operation and testing of the automatic transfer switch designed to switch to accumulators;
- testing of the restoration of IT systems from backup server rooms/data centers; and
- testing of the interaction between Moscow Exchange Group companies in the event of emergencies.
Test results demonstrate NSD’s high reliability as a settlement depository.
To ensure failure-free operation of NSD’s IT systems, prevent loss of data, and secure high availability in the event of hardware or software failure, or in the event of emergencies, NSD’s IT systems are geographically redundant and interconnected with the use of dedicated communication lines.
NSD pays special attention to communication procedures to be used in the event of emergencies, which are tested on a regular basis. In the course of trainings arranged on non-business days, we test processes of cascade telephone alerting of NSD’s employees.
As part of the measures aimed at improving the BCMS, we assess the business continuity procedures in order to determine their suitability, adequacy, and effectiveness. Such assessment is made on the basis of the measures taken and test and training results. External auditors are engaged by NSD to assess whether the BCMS meets the best practices in the area of business continuity.
Fighting the COVID-19 Pandemic
The measures being taken to ensure our business continuity and safety and security of our clients and employees and to protect their health in the face of the global spread of the coronavirus disease (COVID-19) include both full compliance with the regulatory requirements and restrictions imposed in Moscow and Moscow Region and implementation of the Business Continuity Strategy and relevant business continuity plans.
More than 90% of our employees work at home. To protect those employees who continue working from office, certain arrangements have been put in place to minimize risks to their health in the current situation.
To ensure uninterrupted services, NSD is continuously monitoring the situation both globally and at the level of the Group and the company, analyzing related risks and threats, and applying optimal response measures and business continuity strategies that include both organizational and technical solutions.
While most of our employees now work at home and our processes are being adapted to the new environment, we are committed to provide our services properly.
For more details regarding the measures being taken, please refer to our regular communications posted on NSD's official web site for our clients and partners:
- Dedicated page with information updated on a regular basis
- Communication dated 3 April: NSD’s Operating Hours from 6 April 2020
- Communication dated 26 March: On measures being taken to ensure the continuity of services and to protect the health and safety of clients and employees
- Communication dated 17 March: NSD implements the business continuity plan in the context of the world coronavirus pandemic