Royzz & Co
SEBI issues guidelines for BusinessContinuity Plan (BCP) and DisasterRecovery (DR) of MMIs
The Securities and Exchange Board of India (SEBI) has issued guidelines regarding the Business Continuity Plan (BCP) and Disaster Recovery of Market Infrastructure Institutions, with a view to reduce the time period for moving from Primary Data (PDC) Centre to Disaster Recovery Site (DRS). The modified framework requires that Stock Exchanges, Clearing Corporations and Depositories will have in place BCP, DRS, and Near Site (NS) (together referred to as MIIs) in order to maintain data and transaction integrity and zero data loss. The guidelines also state that the DRS and PDC must either be in different seismic zones or a minimum distance of 500 km apart. As per the guidelines, the maximum tolerable period for which data might be lost due to a major incident is 15 minutes.
A number of configuration guidelines have been provided to ensure high availability, fault tolerance, no single point of failure, zero data loss, and data and transaction integrity. In the event of a disruption, Incident Report Teams or Crisis Management Teams must declare a disaster within 30 minutes, invoke BCP, and shift operations from PDC to DRS as required. Regular DR drills have been prescribed on a quarterly basis, for at least one full trading day. The results and observations of these drills must be submitted before before the Governing Board of Stock Exchanges/ Clearing Corporations/ Depositories. Live trading sessions and scenarios of intraday shifting from PDC to DRS during the mock trading sessions have also been required.
MIIs are required to have a BCP-DR Policy in place, containing broad scenarios, Standard Operating Procedures, escalation hierarchy, communication protocols, record keeping policy, preparedness scenarios, preparedness of depositories, and frameworks for the monitoring of the health of critical systems. MIIs must submit their revised BCP-DR policy before SEBI within 3 months from the date of this circular, along with a System Audit.