Reduce liability for losses on commercial accounts by adhering to four requirements.
Carolina Alliance Bank Modernizes Disaster Recovery
Spartanburg, S.C.-based Carolina Alliance Bank provides high-caliber services to its customers with the understanding that today’s banking customers require 24/7 access to those services. One of the key technical advancements that Carolina Alliance recently made was migrating from its existing in-house disaster recovery solution to a cloud-based, hosted environment for its computer systems.
“The goal of the project was to streamline and modernize the bank’s cumbersome approach to disaster recovery, including compliance posture, security levels, testing times, recovery time and resources dedicated to the system,” said Lamar Simpson, chief financial officer of Carolina Alliance.
Carolina Alliance sought a technology partner to support its disaster recovery needs and its current challenges in redundancy as well as its future growth. Compliance played a major role in the selection process. The bank knew it needed financial industry expertise to maintain compliance with the banking industry’s constantly evolving regulatory compliance requirements.
“We had to eliminate the manual, tedious process of running a back-up disk drive every day and reduce the risks and resources it took to travel to our offsite safe storage center to swap out the disk,” said Simpson. “We knew we needed help beyond the vendors we were using for disaster recovery processes and testing. While the prior processes looked good on paper, bank employees found testing to be a cumbersome and labor-intensive effort. Testing revealed that the disaster plan did not provide the level of compliance and recovery time bank management felt the bank needed.”
Carolina Alliance installed Safe Systems’ Continuum and reduced its recovery time from several days to just a few hours. It also gained enhanced security, improved compliance, and reduced internal resources and man hours that needed to be dedicated to the task.
“The roles filled by bank personnel involved in technology management and operations are secondary to the primary job functions of these employees. Thus, the reduction in internal resources committed to disaster planning, testing and recovery was an important consideration in our decision,” Simpson said.
Recovery Time and Regulatory Considerations
The process of disaster recovery is not as simple as having a plan on the shelf. True recoverability depends on establishing recovery time objectives and then periodically testing the plan to validate that the recovery capabilities match the objectives. This is a component on which regulators are placing a greater focus, according to the bank.
“Regulators want to see a recovery method that has demonstrable and documented results,” said Simpson. “We couldn’t know our real recoverability until all components of business continuity are put through a comprehensive test.
“What we’ve seen from our recent experience with regulators and examiners is that redundancy to a different branch is no longer an option for banks with multiple branches. The system needs to be on a different power grid with separate communications sources — completely removed from our location for true redundancy. For banks like ours with a single office, meeting this requirement is even more difficult. Outsourcing the bank’s disaster recovery solution to a compliant, fully redundant system has taken care of all of this.”
Prior to outsourcing, Carolina Alliance had to dedicate two people, nearly two business days and a long drive to Atlanta to conduct a complicated yearly disaster recovery test. Once there, servers and communications devices were built from the bottom up with all the relevant data installed manually. Alternatively, the bank could arrange for servers and other equipment to be shipped (a 48-hour delivery time) to the bank, which normally added an additional one or two days to the process.
“Today, our computer system disaster recovery testing takes three to four hours. Our bank’s staff was spending holiday weekends going through this manual process, and now our time commitment is just a few hours to get a reliable test every year. Completely outsourcing this process is a huge burden alleviated from our bank,” said Tina Gainey, the bank’s network administrator.
Communicate with Time in Mind
In most bank environments, there are numerous vendors that must work in conjunction with the core processor. “The integration and communication required to speak to the core provider, as well as any vendor is a difficult, and not always successful undertaking,” said Simpson. “Seamless connectivity is a necessary prerequisite for successful disaster recovery, especially from a regulator’s point of view.”
Carolina Alliance now outsources this component of disaster recovery — all communication and scheduling during tests is handled by the team at Safe Systems. Once the recovery process is complete, the employee logs on to the network via secure remote access, from any location with an Internet connection, to validate connectivity and functionality.
“Time is the most important element in a business interruption. There is a small, critical window to receive a server, build it, switchover and recover data without having a profound effect on business operations and customer service levels,” Gainey said. “With Continuum, one employee coordinates the onsite activities, and all data is stored and replicated offsite at Safe Systems’ secure data centers. This enables our bank to recover much more quickly locally if something were to happen.”
Adhering to the banking industry’s regulatory compliance requirements on its own is a task that requires expertise, time and significant resource investment. Couple this with a costly disaster or other business interruption and an institution could be potentially crippled. To avoid this, Carolina Alliance Bank replaced its outdated backup systems with a tightly integrated, hosted recovery solution. Replacing its disaster recovery system has proven to be more secure, compliant and cost-effective than managing the bank’s previous in-house solution — all the while removing a major source of headaches for the CFO and network administrator.
Copyright (c) November 2012 by BankNews Media