Business Continuity Plan
CC&G participates in the Contingency Working Group coordinated by the Bank of Italy, where guidelines and policies are established for the management of contingency risk at a national level. The members of this WG include leading Italian banks, Consob, SIA, Borsa Italiana and the Italian Banking Association.
CC&G is an ancillary system of the European payment system Target 2. CC&G's guarantee services and margin calls are classified as “very critical” by the Bank of Italy and the European Central Bank.
Consequently, CC&G's organizational and information technology structure has to comply with the aforesaid guidelines.
In particular:
1. The ICT solutions adopted permit risk scenarios to be managed efficiently.
2. In emergency scenarios, a quick restart of systems must occur within less than 2 hours.
3. Every year the ICT structure is subject to EDP auditing by internal and external auditors (Big4), using ISACA Methodology.
4. CC&G keeps the Italian Authorities (Bank of Italy and Consob) regularly informed via: a yearly copy of the “EDP Auditing” performed by the auditors; a copy of every new version of the BCP (Business Continuity Plan), together with the accompanying DRPs (Disaster Recovery Plans); answers to specific requests for documentation, etc.
5. Compliance of the CC&G BCP with the guidelines of the Bank of Italy and with the best practices of the auditors has to be certified by external auditors.
The ICT architecture consists of four sites connected any-to-any by a high-speed network supplied by two different carriers:
· Two locations with central processing (IT Central Sites – ITCS), permanently active and manned, each acting as disaster recovery for the other, located more than 500 km apart (Roma and Milano). Both locations are manned by operating and systems management personnel. Near the Roma ITCS we have a Business Continuity site.
· Two sites: the main office in Roma and the CC&G Secondary site in Milano.
· All production data are aligned in real time at both ITCS (asynchronous mode).
· Each ITCS is provided with all the equipment needed for the connection to Swift (T2 Payment system) and to RNI (Italian banking network).
· In a normal situation, the production environment of the clearing system runs in one of the two ITCS; the other ITCS runs margin settlement, securities settlement, accounting, etc.
In CC&G all procedures and databases are triplicated (production and back-up on the same ITCS; disaster recovery on the other ITCS). In case of failure of a production environment, the duplicated information may be used to ensure the smooth functioning of the system. However, when the failure involves the whole ITCS, an off-site Disaster Recovery Plan (DRP) can be activated, ensuring the recovery of the information and restoring the operation of the system.
CC&G has never experienced a key system failure over the last years.
CC&G’s staff is available for production support on a 24-hour basis, 7 days a week.
Regarding the risks of outsourcing processes, CC&G complies with the guidelines of the Bank of Italy. Essentially, it maintains full governance of its own processes, since it directly carries out development, maintenance and production support of its primary and critical applications, including clearing and risk management. The adopted technical and organizational solution makes the outsourcer replaceable if an exit strategy becomes necessary.
From December 2007 the only outsourcer will be BIt Systems, the IT company of the Borsa Italiana Group.
The hosts at each ITCS also connect CC&G directly to Swift (Target2) and the Italian Banking Network (RNI).
CC&G has set up the automated security procedures of its central equipment (the high-level security system embedded in the operating system of IBM i-Series) at levels in line with best practices.
Protected connections to external networks are ensured by different methodologies, depending on the type:
o Connections with the markets, direct or indirect through X-TRM, are protected by Market or Italian Interbank Network (RNI) security standards.
With reference to data saving, the ‘real time’ data alignment ensures efficient back-up of all production data in both operating locations.
The data saving policy is automated by the IBM tool BRMS, which manages the operations, changing and maintenance of media.
Planning and control of the information system are managed by a Capacity Planning process. With reference to Capacity Management, CC&G considers requirements related to security standards, restart time in abnormal situations, availability of all needed test environments as well as performance requirements.
Using automated tools, CC&G monitors both the IT infrastructure (network and communications, devices and equipment) and critical processes. Automated alerts are sent to console operators, technical personnel and functional personnel via screen message, e-mail and SMS.
