Você está na página 1de 66




Version 1.0






Bank commenced its initiatives to computerise branch operations in a

structured way, way back in 1992, when the Bankmaster was
introduced for branch operations. However, Bankmaster being a stand-
alone software, the Bank, during late 2000 thought the best way to
give the comfort of Anywhere banking to the customers is to have a
centralised solution. To this end, Bank acquired Core banking solution
from FNS, which is being customised by M/s Tata Consultancy
Services. The implementation of the software commenced during late

Bank has come a long way in bringing the branches of the group under
Core Banking Solution, which stands at 7428 as on date, SBI
accounting for 2706 and the Associate Banks at 4722. Bank has an
ambitious plan to bring in all the branches of the group under Core
Banking Solution shortly. Having taken such an important IT initiative,
it is imperative that we place suitable systems for Disaster Recovery
Plan (DRP) and Business Continuity Plan (BCP) for the Core Banking
Branches. Having an approved DRP / BCP is also a statutory
requirement from the audit angle.

To this end, a committee with the following members was constituted

to formulate a uniform DRP/ BCP for CBS branches of State Bank

Shri. S.Mahadevan DGM (IT-DRC) : Chairman

Shri. N.R.Roychoudhury AGM (Dev) : Member
Smt. Ashalatha Govind AGM (BO&S) : Member
Shri. Meghraj Khatri AGM (SBBJ) : Member
Shri. Ajay Naqib AGM (SBP) : Member
Shri. A.G.Aranha AGM (SBH) : Member
Shri. P.V.Rajamani CM (UAT) : Member

The committee under the valuable guidance of the CGM (IT) had come
out with a comprehensive DRP / BCP for branches.

I trust that the branches will make full use of the plan. I also trust that
the controllers and audit departments will use it as a handy reference
for their requirements in related areas. As the project is still in the
process of evolution, the plan will need updating. I welcome
suggestions and comments from all concerned for updating and
improving the contents.

I take this opportunity to compliment each and every member of the

committee for his or her contribution to this mammoth task.

Global IT Centre R.N.Ramanathan

Navi Mumbai Deputy Managing Director (IT)
February 7, 2006












1. A DISASTER is defined as an interruption of mission critical

information services for an unacceptable period of time. Disaster is

time related. An interruption during the peak business hours may

create greater problem than that occurs after the business hours.

Similarly, the period of interruption defines its characterization as a

disaster major or minor. Identification of major or minor

disasters has a direct link to the anticipated time required for

restoration to normalcy in the operation and retrieval of entire data

/ information from the system without any loss.

2. A DRP is a plan that defines the activities to be performed to bring

back the business operations back to normal, after the disaster

affects them.

3. Disaster Recovery Plan (DRP) is generally intended to identify and

assess the events that pose a threat to business continuity, to

determine the likely consequences and costs, should the disaster

strike, to establish a rational basis for deciding which business

activities prioritise for recovery and to draw procedures for speedy

recovery from disaster. The plan should accomplish three

objectives to:

3.1. Manage an immediate crisis.

3.2. Initiate actions to enable the business to continue in the

short term.

3.3. Establish the organizational procedure to manage medium

and long-term recovery.

4. Disaster Recovery Planning aims at minimizing loss potentials

through the development of capabilities and procedures in the wake

of non-speculative interruptions of critical business functions. DRP

is proactive in nature. An important component of this proactive

effect is planning for acquisition and installation of systems for

preventing avoidable disasters. Many disasters do not emanate

from a single debacle but develop over a period. The first objective

of DRP is to respond to a disaster potential before it becomes a

disaster. The second objective is to minimize the cost associated

with disaster potentials that cannot be eliminated.

5. To achieve the above objectives, we should identify the areas likely

to invite a disaster for the branch. The next stage involves

investigation and analysis of the existing scenario, at each branch,

in respect of several disaster avoidance facilities as classified below.

(Please refer to the checklists under Control Mechanisms

Existing in the DRP / BCP Exercise)

5.1. Environmental Security.

5.2. Physical security provisions involving hardware and

systems features.

5.3. Logical security requirements provided in the software.

5.4. Data security through procedures maintenance.

6. ENVIRONMENTAL SECURITY: The branch should review the status

in respect of the following disaster avoidance facilities at the branch

and arrange for corrective measures:

6.1. Temperature Control in the System Room (where Core

Server is kept) through Air Conditioners: - Inside

temperature should be between 18 to 20 degrees to avoid

possible server crash. A room thermometer should be kept

inside the system room. System room may have Split AC

instead of Window AC so that the compressor and other

main components of AC are kept outside the building away

from System room. This will avoid possibility of disaster on

account of electrical short circuit.

6.2. Dust Control: - System room should be kept free from

dust, unused superfluous material. Line printer should be

kept at a separate compartment attached to the system

room, in order to avoid paper dust coming out of the

printer. Cleaning of system room to be carried out by a

vacuum cleaner. All the workstations/nodes outside the

system room may be protected from dust with anti static

dust covers at the end of the day.

6.3. Protection from Insects: - Periodical anti-pesticide and anti

insecticide treatment to be carried out at the system room

and the branch premises. Eatables/beverages should not

be allowed inside the system room.

6.4. Physical Dislocation: - Physical shifting of hardware

components, including server should be handled carefully.

Electrical cables, Data cables running through should be

away from human intervention and these cables should not

be left dangling.

6.5. Fire Detection and Suppression: - Highest degree of threat

to human life, as well as to business operations posed by

fire, ranks it as first among all disaster potentials. A

checklist for fire prevention at the computerized system is


6.5.1. Ensure strict compliance of No Smoking policy

inside the branch premises.

6.5.2. Remove combustibles from the proximity of

potential ignites.

6.5.3. Replace certain types of synthetic carpets,

upholsteries, plastics etc with less hazardous


6.5.4. Arrange for inspection of all electrical devices,

extension cords etc., at periodic intervals by expert


6.5.5. Arrange for inspection by the local fire protection


6.5.6. Ensure setting up of fireproof partitions of system

room. Obtain annual certificate for fire ratings from

the appropriate local authority or banks engineer

regarding the equipment room walls, ceilings and


6.5.7. Ensure fire exits are unobstructed and clearly

marked. Identify fire and smoke detectors and

ensure that these are working properly.

6.5.8. Conduct regular fire evacuation drills to initiate a

disaster prevention awareness program within

branch staff and customers.

6.5.9. Locate fire suppression capabilities such as

standpipe/hose assemblies, sprinkler systems and

wall-mounted extinguishers. Check for, current

inspection and test labels.

6.5.10. Arrange for fire insurance policies to be updated

with appropriate noting in the branch document.

6.6. Power & UPS: -

6.6.1. The power supply to the building, the location of

the power distribution box shall be made known to

staff at the branch as also the alternative method

of power supply that exists in the event of


6.6.2. Recommendations of electrical experts should be

obtained for lightning protection and the capacity

of arresters to be located at the point of service

entry, for dissipating lightning energy before it

causes harm to the power devices.

6.6.3. A regular inspection of the equipments needs to be

arranged. UPS is one of the components of power

support system. It is sized and selected at all

branches to support a load required by the

hardware, lighting and other equipments.

6.6.4. The UPS room should be away from the system

room so that any short circuit shall not affect the

system room.

6.6.5. The branch has to ensure constant monitoring of

the function of the UPS, as sudden failure of UPS

may create disasters for the branch. The related

areas of monitoring are as follows: A small overhead passage may be created

between the system room and UPS

chamber to allow free flow of cool air from

the air conditioner unit of the system room

to UPS to provide optimum operating

temperature. The frequency converter, a component of

UPS needs to be inspected periodically to

ensure proper operation. UPS batteries need to be checked / tested

periodically to ensure that power reserves

will be available. Wherever required, the

UPS vendor may be asked to install Simple

Network Management Protocol (SNMP) in

consultation with the concerned hardware

vendor. This checks the battery storage

level and notifies users accordingly. A

service engineer of UPS vendor to be

stationed at the area where the branch is

situated for immediate support in the event

of UPS failure.

6.6.6. Power distribution panels for the system room used

for delivery of conditioned power from the UPS bus

to various load devices need to be checked

periodically. A diagram of electrical cabling

detailing various circuits and respective miniature

circuit breakers (MCBs) is displayed inside the UPS

room. Instructions regarding switching on and off

of the UPS should be prominently displayed inside

the UPS room.

6.6.7. Generators of adequate capacity are installed at

the branch to cope with prolonged interruption in

the power supply.

6.6.8. LAN cabling network is kept separated from the

electric cables. The electrical engineer at ZO/Local

Head Office may be requested to visit the branches

periodically and ensure that the LAN/Electrical

cabling is intact throughout the premises. The

floor of the system room be insulated with non-

static material like polyvinyl.

6.7. Water intrusion control measures: - Flooding is one of the

vital sources for possible disaster at branches. This may

result from natural disaster, structural faults within the

branch premises, plumbing leakage, and leakage from air

conditioners. The branch to ensure regular check up of the

existing facilities to exclude possibility of major disasters.

The system room is to be away from the toilet blocks.

6.8. Moisture Control: - Regular cleaning of the system room

and hardware components at the branch with dry cloth

would help in keeping off the moisture particularly during

monsoon season. The system room may be provided with

a hygrometer to make a note of humidity level and keep it

at the stipulated level (of RH-80% ). Packets of silica gel

may also be kept inside the system room, cabinets where

DATs (Digital Audio Tape)/ floppies are stored.


7.1. Physical access control:

7.1.1. Branch should assess the existing level of physical

security in respect of hardware equipment placed

at the system room/branch and plug in the loop

holes if any, in order to prevent damage to existing

hardware, prevent theft of hardware items and to

prevent unauthorized disclosure of information and

or data from the system.

7.1.2. Emergency relief arrangements should include

handing over the charge of systems in the event of

sudden incapacitation of the Identified Official


7.1.3. Personnel authorized to enter the system room, in

branches where the system room is provided, are

allowed after making due noting in the System

Room Access Register with time, date and purpose

of entry. The register should be perused by the

Manager (Accounts)/Branch Head. This should also

be perused by the Controllers on their visits to


7.2. Electronic Access Control: -

7.2.1. This should be ensured by way of password

authentication. All the authorized users should be

set up in the system and allotted passwords to

access the system. Any unauthorized user

attempting access to the system will be alerted and

the branch should observe such alerts as a hedge

against possible intrusion to the system.

7.2.2. It may be ensured that other software like screen

savers, free software or unauthorized software are

not installed in the server or at the workstations in

the branch.

7.2.3. It may be ensured that any standalone system with

Internet connectivity at the branch is not

connected to the CBS network.

7.3. Hardware Equipments:

7.3.1. Operational failure of hardware equipment is one of

the common causes of disaster. Server is the most

sensitive equipment whose failure may lead to a

complete halt in the system functioning at

branches. The branches should ensure that the

hardware vendor/AMC vendor carries out periodical

Preventive Maintenance job for all the hardware


7.3.2. It may be ensured that additional servers, printers

and other peripherals are placed at ZOCC/EDPs as

backup hardware.

7.3.3. It is mandatory to have the Anti Virus software

installed on the file server as also on the

workstations. No workstations should have floppy

drive/CD ROM drive.

7.3.4. Monitoring system resources Identified Official

(System) should monitor the system resources

e.g., free space available in the hard disk.

7.3.5. Annual Maintenance Contract - The Branch Head

should ensure that the AMC is renewed with the

hardware vendor before expiry of the contract

period. The relative AMCs to be recorded in branch


7.3.6. Insurance Cover Branches should ensure that

appropriate insurance coverage has been obtained

and kept current in respect of hardware equipment



measures for accessing to hardware, similar control mechanism

needs to be invoked to restrict access to the software for various

kinds of users. Meticulous observation of User Rights control

measures will help in the safety and security of the entire system.



9.1.1. Data Input Only authorized users have to input

all financial/non financial data in the system duly

supported by vouchers/input forms

approved/passed by the respective officials.

9.1.2. Authorise all Transactions in Queue The

concerned passing officials should immediately

authorize all transactions in the queue. Erroneous

entries when detected should be rejected and got

corrected from the maker.

9.1.3. Voucher Verification Report/GL Day Book /Other

Reports Checking Voucher Verification Report/GL

Day book and various other reports are generated

at the End of the day. These reports have to be

checked on a daily basis and any discrepancies

found, should be got rectified immediately.

9.1.4. GLIF reconciliation Balance in all technical

suspense accounts, cash suspense accounts and

system suspense accounts should be ideally nil at

the end of the day. Any outstanding should be

reconciled immediately by looking at GLIF reports.


9.2.1. DATA BACKUP: Data on the Server consists of various

items. For e.g., Branch database (cbprod),

Oracle Application software, B@NCS Link

Configuration, Reports etc., these should

be backed up on to DAT (Digital Audio

Tape) everyday as per laid down

instructions. This should be ensured by way

of keeping separate tapes for all the days.

In addition to Tape backups, a CD backup

should also be taken everyday on re-write

CDs (wherever CD writer is provided).

9.2.2. BACKUP MEDIA STORAGE STRATEGY: The next course of action would be to

identify a strategy for safe storage of

backed up data. Obviously, the On Site

storage strategy is a preferred one due to

easy access to backed up data. But this is

fraught with risk of timely retrieval of data

at the time of disaster. Hence Off Site

storage as given under may be continued.

9.2.3. OFF SITE STORAGE STRATEGY: While identifying the Off site storage

centre, two aspects have to be considered

viz., the proximity of the storage centre to

the concerned branch and authorization of

personnel of the branch for having access

to the backup data on tapes/floppies. The laid down instructions implies that the

tape backup and other backups / floppies

should be kept at the same branch

overnight before it is deposited to the

offsite place next morning. For this,

generally one of our branches situated

nearest and located conveniently to the

branch whose data is to be stored, is

designated as an off site storage centre

with appropriate arrangements for safe

keeping of the backup media in the

Lockers/Fire proof safe. In the absence of

any of our branches in the vicinity of the

data backing up branch, a branch of any

other commercial bank or financial

institution may be designated as storage

centre after ensuring safe storage

arrangements thereat. Prior approval of the Controlling Authority

need to be obtained before any storage

arrangement is made either with any of our

nearby branches or at any suitable place. The branch should maintain proper record

(Storage Media Record Register) for safe

deposit and withdrawal of backup

tapes/floppies by authorized personnel.

The branch head should peruse this

register at periodical intervals. The

Controllers, on their visit to the branches,

should ensure that the systems and

procedure as laid down are being followed

in this regard. The offsite storage centre should be

advised to keep proper record for safe

deposit and delivery of backup

tapes/floppies to authorized personnel only. The branches completing EOD signals early,

should strive to deposit the tapes/floppies

in the offsite storage location on the same

evening. If, for any reason, the backup

media could not be deposited on the same

day, suitable alternatives are to be made

by the branch and the controllers for safe

keeping of the backup media overnight.

The following alternatives may be

examined by the respective controllers and

the most suitable ones may be adopted

depending upon the branch convenience:

The tapes/floppies can be kept in a Fire Proof

Cabinet kept outside and far away from the system


At places where the Branch Managers residence is

located near the branch premises, the backup media

may be retained with him overnight.

The Identified Official (System) may carry the

backup tape to his residence.

At centers where Service Branch is operating till late

hours, arrangement may be made for shifting the

backup media to the Service Branch with due

acknowledgement. Whatever alternative is adopted for

overnight storage of backup media, the

days vouchers and EOD/BOD reports need

to be stored at the fireproof cabinet/vault

as an additional line of defence. Finally, backups so held in offsite location

must be periodically tested.


SOFTWARE CDs, FLOPPIES ETC., Administrator password created at the time

of initial installation of the system by the

Implementation team should be kept in a

sealed envelope duly signed by the

officials, in the custody of Branch Manager

after entering in the BRANCH DOCUMENT

register in a separate section earmarked for

Computers. The detailed procedure for

accessing this password and changing the

password, change of incumbency of Branch

Manager can be as per instructions laid

down by the Bank from time to time. Similarly, B@NCS24 branch software,

Windows NT OS, Oracle CD, SFMS Digital

Certificate Floppies etc., which have to be

held as BRANCH DOCUMENT should be

done so by the branches without any laxity

on the part of branch officials. Any

procedural lapses by the branch officials

may result in loss to the Bank.

10. Developing DRP for Branches: - Considering the growth in

business and dependence on Technology it is necessary that all

business units (branches) of Bank must have a DRP. The Bank has

also formed Crisis management teams at various levels including

the branches. Having approved DRP is a necessary requirement for

internal audit compliance. However most of the DRPs developed by

the branches are in the form of questionnaire, which cannot be

implemented during crisis. In order to provide guidance to the

branches we have developed a model DRP as a guideline. Actual

development however depends upon the branch operations,

location and specific risk assessment. Development of DRP is a

structured approach that calls for the following steps:

10.1. Assets inventory: Prepare a comprehensive list of all assets

at the branches. The final list should contain all the assets

at the branch including software licenses.

10.2. Threat Inventory: List out all the threats like Power failure,

Fire, Software problems, Hardware failure, Dial-up

connection on network PC etc.

10.3. Control Mechanisms - Existing: Check out existing controls

and analyze their performance against expected norms.

E.g. AMC vendor is supposed to perform preventive

maintenance periodically, or fire extinguisher should be

appropriate and being check regularly. Moreover all staff

should be able to use the fire extinguisher. Or backup of

data is being taken regularly and stored at different secure


10.4. Control Mechanisms Required: Prepare a list of control

mechanisms required and the cost involved, if any.

10.5. Prepare action plan based on different scenarios that can

interrupt business operations and assign a person for each


10.6. Simulate the scenario and test the plan.

11. Constitution of Disaster Recovery Teams: -

11.1. Managing an immediate crisis is likely to be devolved to a

pre-selected Crisis Management Committee (CRIMAC),

located at each Local Head Office where all major policy

decisions, arrived at the Central Office will be endorsed

during the contingency planning phase. Strategies will be

developed for implementing the policies. Each Zonal Office

(as well as controllers of the Commercial network

branches) will subsequently form a Crisis Management

Team (CRIMAT) for finalizing DRP separately for each of the

computerised branches in the module in consultation with

the respective branches where a local Disaster Recovery

Team (DRT) will also be structured.

Associate Banks: Managing an immediate crisis is likely to

be devolved to a pre-selected Crisis Management

Committee (CRIMAC), located at each Zonal Office where

all major policy decisions, arrived at the Head Office will be

endorsed during the contingency planning phase.

Strategies will be developed for implementing the policies.

Each Regional Office (as well as controllers of the

Commercial network branches) will subsequently form a

Crisis Management Team (CRIMAT) for finalizing DRP

separately for each of the computerized branches in the

Region in consultation with the respective branches where

a local Disaster Recovery Team (DRT) will also be


11.2. The Crisis Management Committees/Teams at the LHOs,

Zonal Offices and the branches, as stated above, may be

constituted with the following members:

11.2.1. CRIMAC: CGM of the circle, GMs, CDO, AGM

(ITSS), AGM (OPSP), CM (DPC), and other co-

opted members.

CRIMAC - Associate Banks: CGM, GMs, DGM

(CPPD), and other co-opted members.

11.2.2. CRIMAT: DGM of the module, AGMS of Regions,

MGR (ZOCC), and other co-opted members.

CRIMAT - Associate Banks: DGM of the Zone,

Controllers, MGR (EDP), and other co-opted


11.3. Besides, a task force at each module with nominated

specialists in computer related areas and also conversant

with the Bank's Systems & Procedures should be

constituted at the Zonal Office level. The task force should

be headed by one of the AGMs (with maximum number of

computerised branches under his control) with Manager

(ZOCC) and his team members as resource personnel,

or/and other officials as decided by the CRIMAT. The task

force will operate as the principal operating agency at the

controlling authority level, communicating with the branch

Disaster Recovery Teams, monitoring pre-disaster

preventive measures and post-disaster recovery activities

at the branches.

11.4. BRANCH DISASTER RECOVERY TEAM should consist of

Branch Manager, Accountant, Cash Officer, and

representatives from operators / officers, and Identified

Official (Systems) with emergency decision-making

capabilities. The roles and responsibilities of each member

of the team shall be clearly spelt out.

11.5. One important aspect of crisis management is to establish

the means to ensure good communication and control.

Efficient communications will be necessary between the

CRIMAC at LHO, CRIMAT at ZOCC and the rest of the

organisation, to the emergency services (police, fire, local

govt. authority) and to the outside world (customers,

suppliers, shareholders, etc.). The best way of achieving

this is to create a control room for this specific purpose at

the LHO and/or ZOs and provision for extra telephone and

fax lines at the smaller branches.

11.6. Branch Disaster Recovery Team (comprising of Branch

Head, Divisional Heads (if exist), Accountant, Cash Officer,

representative from Officers and Award Staff) will declare

the disaster at the branch under any of the following


11.6.1. Outage of Application and not recoverable for next

6 hours or above which may happen of the

following events:

16 Hard disk crash resulting in loss of critical

data. System resource failure e.g., connectivity

failure etc., resulting in the unavailability of

resources for computing. Virus attacks resulting in loss of critical

data/stoppage of critical applications. Hacking of core banking application

resulting in misuse of important data. Network attacks resulting in unauthorized

access to confidential data. Hardware theft resulting in monetary loss. Fire resulting in loss of software, data, and

hardware. Electricity failure because of natural

calamities, like storms, heavy rains, grid

problem at service provider side, hard disk

failure, data corruption, application

instability. Human error such as an administrator

accidentally erasing data or crashing a

network. Site disabled due to natural calamities.

11.6.2. Network failure & not recoverable for next 6 hours

or above.

11.6.3. Natural calamities such as fire, flood and site not

accessible for next 6 hours above.

11.6.4. Major maintenance at primary site resulting in site

unavailable for more than 6 hours.

11.7. The recovery strategies under the above DR Scenarios,

viz., (a) Outage of Application Server and not recoverable

for next 6 hours or above, (b) Major maintenance at

primary site at CBD Belapur keeping the site down more

than 6 hours, (c) Force majors such as fire, flood, site not

accessible for next 6 hours and above and (d) Network

failure and not recoverable for next 6 hours and above,

would be as under:

11.7.1. Branch Disaster Recovery Team will declare the

Disaster and will advise Controller, CBP-Navi

Mumbai, ITSS Department-LHO and ZOCC about

the disaster seeking their advices.

11.7.2. In case, Core Banking System at Primary site is

down, Core Banking Project will activate the DR

plan for core banking to switchover to the DR site

at Chennai. Sequence of recovery and recovery

time would be as under: Recovery of Bancs 24 (Core Banking) 120

minutes. Exim Bills (Trade Finance) 30 minutes. Finance One (CGL) 30 minutes. Total recovery time will be 180 minutes

(+/- 10% ) from the time the decision to

switch over to DR site is taken by the DR


11.7.3. In case, the connectivity between the branch and

Core Banking Project is not accessible, Branch

Disaster Recovery Team will advise Controller,

CBP-Navi Mumbai, ITSS Department-LHO and

ZOCC to pass on the information to SBI Networking

Department at Mumbai as well as local

representative of Datacraft about the disaster, for

initiating remedial measures.

11.7.4. In case of non-availability of the systems at the

branch due to any of the aforesaid four reasons for

less than 6 hours, requiring immediate remedial

measures, the Branch Disaster Recovery Team

may initiate any of the following three steps,

depending upon the prevalent situation: The branch users to be advised to post the

transactions into the system under Off-line

Functionality and upload the data as soon

as the connectivity is restored, strictly in

the manner detailed in CBS guidelines,

under confirmation to the Controller. The branch users to be advised to accept

cash deposits from the customers and to

maintain records of all such deposits

manually in the prescribed manner laid

down by the Bank. With regard to

withdrawals, the users to print the Deposit

and Loan Balance Files of previous day

from the Branch or from any of the nearest

branch/office and handle withdrawals

depending upon merit of each case and

basing on the Deposit / Loan Balance File

on maintaining records of all such

transactions manually, as per the existing

instructions of the Bank. Transfer vouchers

to be accepted by the branch users and

records thereof to be maintained manually,

as per the prescribed norms. All such

postings are to be made into the system as

soon as the connectivity is restored at the

branch, under confirmation to the

Controller. The branch users to be advised to perform

banking activities from another specified

branch, which has been approved by the

Controller. Cash transactions, if made at

the specified branch, to be handled in the

prescribed manner.

11.8. Staff members to be grouped into teams (not exceeding

four) and each team assigned a specific role in the DR


11.9. There has to be a change over of the teams every quarter /

half yearly depending on the number of teams. This would

address the issue of Continuing Education of the staff.

11.10. The names and addresses of the key personnel, vendors,

service providers, support officials and also the names and

addresses of all the staff of the branch are to be circulated.

12. The DRP itself is likely to contain considerable details of

corporate operations, systems and procedures. It should cover all

foreseen eventualities and must be dynamic, in so far as it must

constantly reflect where the organisation/branch/data centre is

now, not where it was two years or even six months ago. Keeping

the plan updated is, therefore, likely to be a continuous monitoring

job of a group of persons, may be operating at a level below the

level of CRIMAC, and CRIMAT to monitor and suggest for further

improvements and apprise the higher management with the

changes proposed in the plan with due rationale. A formal disaster

recovery planning exercise needs to be framed and renewed

quarterly between each of the CBS branches and their respective

controllers. A mid-year review of the branch activities associated

with the DRP needs to be conducted by the Controllers. What would

be a mistake is to ignore the potential for catastrophic events within

the increasingly technological environment in which today's

business operates.

13. The detailed DRP should be devised and compiled at the CBS-
Branch during 1 Week of January of every year, which must be

sent by CBS Branches to the Controlling Authority (in duplicate)

latest by 10 th January of every year. The duplicate of copy of the

plan, duly approved by the Controlling Authority, should be

recorded at the Branches as Branch Document. The maintenance

of the DRP could involve Update procedures and Control

procedures. The branches should review the detailed DRP (as

compiled in January of every year), at the beginning of April, July

and October of every year. The review report, including the changes

that are envisaged by branches at every quarter, be advised by

branches to their Controllers latest by 10 of April, July and

October. The duplicate of which, duly approved by the Controllers,

be retained along with the detailed original plan. For this purpose,

the DRP may contain the following items on Page-1 of the plan,

wherein the details of revisions, that are approved at quarterly

intervals, be incorporated therein:

Revision Page Previous Action Addendum Release

No. Page No. Taken /New Page Note


No Date Description

13.1. The Update procedures would consist of documenting

changes and modifications to be made to the DRP. The

responsibility for updating the various procedures in the

DRP would be with the DR Team leader. The Control

procedures would involve determining the number of copies

of the plan, assigning control numbers, reassign the plan

after incorporating changes, retrieve copies of the plan

from transferred / retired / resigned employees. The

control procedures could be entrusted to officials specially

designated for this purpose. A clause mentioning the name

of the Officer-in-charge and the status of the DRP is to be

incorporated in the Branch Managers Monthly Certificate

(BMMC). Any change in the hardware, software, personnel

and procedures are to be immediately incorporated in the

DRP. Based on the changes / modifications made during

the year, a review of the DRP to be taken up quarterly and

as and when deemed necessary.

13.2. Each DRP should become a part of branch document, and a

reference be made in the Branch Manager's Monthly

Certificate in regard to the compliance of associated

activities including testing of the recovery plan procedures.

In any case a DRP for the branch should be more exact and

holistic, with emphasis on quick recovery following a

disaster. The plan should also specify the testing program

at quarterly intervals with the involvement of the branch

personnel. Copies of the document to be circulated among

the DR team members on a need to know basis. A

Distribution Register to be maintained, listing the identity

of the individuals to whom the DRP is distributed. The

control numbers and the location of each copy the DRP are

also recorded in the Register.

14. Training: Training in DR procedures to be imparted to the team

members involved in operating the systems, like setting up the

hardware, re-routing the network communications and rebuilding


15. Rewards and recognition: Staff members should be encouraged

to suggest improvements to enhance the effectiveness and increase

the efficiency of DR operations. Incentive schemes may be

introduced to encourage high levels of participation.





1. A BCP is a plan that defines the activities to be performed that will

ensure continued business operations during any interruption that can

affect normal business operations. It includes events like absence of

personnel, power failure, system unavailability and also disastrous


2. Bank has embarked upon a massive programme to bring all

branches onto CBS platform. It is felt necessary to draw up a BCP for

branches, which deals with issues such as loss of connectivity, LAN

and WAN problems, server failure, host failure and such other

equipment failures. The primary objective of this document is to help

branches draw up a BCP for the branch, which can help the branch in

turn to cope with these events, which impact normal business

operations and affect customer service.

3. This document covers activities and events affecting branch level

systems, equipment and the like. This document will cover specific

transactions and services at the branch that are likely to be affected

and can largely be managed at branch level itself.

4. Failure of business continuity can be broadly classified into three


4.1. Temporary failure - lasting a few minutes.

4.2. Medium failure - lasting a few hours.

4.3. Long Term failure - lasting more than 24 hours.

5. This document broadly covers the following aspects:

5.1. LAN and WAN connectivity issues.

5.2. Server and Client issues.

5.3. Business Operations including Offline Functioning.

5.4. General guidelines on Maintenance.

6. LAN and WAN connectivity issues: Very often branches experience

that they are unable to connect to the CDC system or that certain

clients are not functioning. More often than not, the problems are

transient in nature and get resolved in the normal course. However, it

would be useful for the branch if they could identify the problems and

take appropriate action. Branches are advised to study the document

carefully and plan their responses to such situations in a systematic

and organized manner.

6.1. Problem Escalation:

6.1.1. Report to Datacraft Call Toll Free Telephone


6.1.2. Report after 15 minutes with details of problem and

response obtained from Datacraft to ZOCC / EDP

Zonal Office and to the Controller.

6.1.3. Simultaneously report matter to LHO ITS DEPT /


6.1.4. After 30 minutes, contact Core Banking Team at

Belapur / DGM, CPPD.

6.2. All branches must note that any extended delay in

conducting operations by branches should invariably be

brought to the notice of the Controller. Closure of business

cannot be done by branch without specific approval from

the Controller.

6.3. Datacraft will essentially deal with problems on network

connectivity outside the branch premises. Hence, their

personnel will, in response to branch report, be dealing

with problems in association with BSNL. In case the

problems are internal at the Router or Switch, also

Datacraft will attend to them.

6.4. Problems within the branch, which affect the local LAN,

must be dealt with by the Bank. This may be taken up in

consultation with ZOCC/ITS DEPT/EDP/CPPD and by

utilizing the services of the network provider/hardware


6.5. Preliminary analysis to be done by the branch staff before

escalating the matter, include:

6.5.1. Verifying all cable connections is proper and there

are no loose connections or connectors or I/O


6.5.2. Verifying power connections and availability to the

Router, Switch.

6.5.3. Verifying whether the network card is functioning.

6.5.4. Looking for any error messages about cable or

network card failure from the system.

6.5.5. Performing the LAN and WAN connectivity tests.

6.5.6. Recording error messages in a register for accurate

reporting of errors and to maintain records of

connectivity failures, with date and time indicated.

6.5.7. Recording the speed of response in milliseconds as

indicated from the output of the ping command.

6.5.8. Whether connections to the printers are in order.

6.6. All the above checks need to be done both from the server

as well as all the client nodes.

7. Server and Client Issues: This can happen at the branch due to

server crash or its non-availability for any other reason. In such

instance, branch should contact the vendor immediately and advise

ZOCC / EDP center of the problem.

7.1. These problems can arise due to several causes like

component failure, virus attacks, system load, power

fluctuations, system software files being corrupted or

damaged etc. In all such cases the branch should first

contact the vendor or the service provider handling the

AMC. Also the ZOCC / EDP center should be informed of the

development immediately.

7.2. These problems may affect either the server or the clients

or both. Some of the possible solutions that can be

explored in this event are replacement of server with a

standby server if available at short notice.

7.3. Zonal Offices should ensure availability of one or more

servers at key points such as Regional Offices, large

branches and other remote centers. Existing Bankmaster

(P-IV) servers can be configured for this purpose with all

required software including Oracle and B@ncs Link and anti

virus loaded.

7.4. Wherever feasible the vendor may also be requested to

provide a standby system of required configuration until

the main system becomes available. The services of the

vendor should invariably be used for such restoration of


7.5. Replacement of components (hard disk, memory cards,

power supply unit, network cards etc.) should be done by

the vendor immediately. Branch should discuss with the

vendor the nature of problem and obtain information on

expected time of replacement of components.

7.6. In case of network cards, however, the vendor may be

advised to configure the additional card usually available in

the system and restore the original configuration once the

new card becomes available. Most of the other

components can usually be replaced within a few days. It

must therefore be realized that server failure would usually

imply delays in restoration ranging from a few hours to

several days. Hence an alternate server being made

operational immediately or within a short time is the best


7.7. Reinstallation of operating system and all related system

software followed by installation of the application B@ncs-

24 and all associated components can be done at the

branch as copies of the Operating Software and all other

component software are available at the branch. In many

cases it will be necessary to restore certain files only that

may have got corrupted. In case of difficulty in this regard,

assistance of ZOCC / EDP officials or ITS DEPT / CPPD

officials may be sought. A copy of the latest application

software and other OS software can also be sourced from

the nearest branch on Core. Anti-virus CD and updates can

also be likewise obtained.

7.8. Reinstalling application: In some cases, the application

software files may have to be restored. The branch may

use the latest CD available at the branch for this purpose.

However, this must be done under supervision of the ZOCC

/ EDP official in consultation with ITS DEPT / CDC.

7.9. The installation manual (duly updated version) should be

referred to while carrying out this activity. It should be

ensured that the complete procedure is followed, since

there may have been various promotions / changes in the

application software files from CDC, these would not be

reflected in the copy of the CD available at the branch. A

copy, if available, at ZOCC / EDP center or at the branch

made from the server should be used. CARE MUST BE



7.10. Due care needs to be taken to ensure that the updated

version of the B@ncs-24 software is being installed. This

can be ensured by using the latest backup copy of the

application from the server instead of old CD. Alternatively

a copy can be obtained from ZOCC / EDP Center after

ensuring that appropriate changes are made to configure

the software for the branch and set other branch

parameters correctly.

7.11. Virus attack requires updated anti virus software and clean

up of the system, before use. The latest virus definitions

must be downloaded or obtained from the nearest branch,

ZOCC / EDP or ITS DEPT / CPPD or other sources and

system updated. Please ensure that only Symantec

Corporate Edition is loaded and updated. The current status

of anti virus can be determined by verifying the virus

definition date. This can be seen by double clicking on the

anti virus icon on the desktop taskbar (far right bottom

portion). If the date is not recent (less than a week), it

needs to be updated immediately and a scan run to see if

any virus has already attacked the system. Any virus found

must be deleted or at least quarantined. Help can be taken

from Data Craft or ZOCC / EDP officials for this purpose.

Detailed write up on the procedure to be followed for anti

virus installation and updating is available on branch

server, CDC site or ITS DEPT / CPPD site and may be

referred by the branch / ZOCC / EDP officials or vendor,

hardware engineer, if required.

7.12. UPS and related issues: Problems arising from power

fluctuations, non-availability of clean power to server and

nodes from UPS etc. will require long term solutions.

Branches should arrange for a study of the UPS

requirements and associated local raw power supply

problems and refer to their Controller for appropriate

action. In the event of a UPS failure, branch should contact

the UPS vendor or AMC holder immediately. Also advise

the ZOCC / EDP officials to follow up with vendor for

immediate servicing. Branches should verify the state of

the batteries connected to the UPS and seek help of the

vendor in correcting them. It may become necessary to

isolate the server and one or more key client systems from

the rest of the systems and arrange to provide power at

least to these critical systems. In most branches, a

separate 2 KVA UPS is provided / earmarked for the server

room. It is advisable to see that separate electrical wiring is

done for the sensitive equipment and systems (router,

server and key nodes and printers), so that the entire load

is distributed appropriately. Branches are cautioned against

directly connecting systems and other sensitive equipment

to raw power. All power supply to these systems must only

be through UPS.

8. Business Operations & Offline Functioning: The following options are

available for continuing operations when the Core Banking systems

become unavailable for any reason:

Manual Operations

Using Offline Functionality

Operating through the nearest Core Branch

8.1. The following procedures are to be followed while using the

Offline Functionality in Core, when connectivity is lost, for a

significant period of time. Intermittent failures may not

require invoking this functionality.

8.2. In situations where server or systems are not available, no

offline operations can be conducted by the branch. Branch

should take up operations at the nearest Core Branch.

Where there is no other CBS branch in the center, the

branch must undertake operations manually until systems

are restored.

8.3. Manual Operations:

8.3.1. Branch should use the latest available list of


8.3.2. If the list cannot be accessed for any reason,

branch should obtain the list from CDC through a

nearby CBS branch. Branch may contact the EDP

Center or CPPD/CDC for assistance.

8.3.3. As the list of balances in the files will be large, and

searching for a particular account manually will be

difficult, the file can be downloaded to MS Word or

Excel from where using the Search option, it will be

easier to search out accounts. Assistance of ZOCC

/ EDP officials may be sought for this purpose, if


8.3.4. The branch should maintain a manual record of

transactions put through using the Shadow files

balance as stated above. This is important and will

be the control document for all transactions put

through that day.

8.3.5. Branches should exercise great care during this

process. Since alternate delivery channels will

permit transactions on the account even when

branch is not operating through CDC, there is a risk

of overdrawing in accounts. The limit up to which

such transactions can be done, has to be fixed up

as approved by the respective controllers / ZO /


8.3.6. Branches may note that the shadow files are to be

downloaded everyday / refreshed every day. This

is done by ensuring that the Upload Shadow file

option is exercised during BOD or at any time

during the day on receipt of the shadow files, on a

daily basis without fail. Otherwise, the file will not

have the latest balances. In case shadow files are

not updated, report to CDC for updating.

8.3.7. Cash may need to be replenished during the day.

This can be done on the lines of the procedure

followed for manual operations.

8.3.8. Clearing can be done using the same list of

balances, but with caution. Passing of inward

clearing etc. can also be done in the same manner.

SWO services may be dispensed with in manual


8.3.9. Branch should update the available balance

manually during the day based upon transactions

done in cash, clearing and transfer at various

desks. It is advisable to use only a single list at the

branch for effective control.

8.4. Offline functionality: Offline functionality is a facility

provided in CBS to enable branches to undertake a limited

set of activities and maintain a reasonable level of

customer services. The facility, once activated, can be

utilized in part to offset the effects of disruption in

customer services at the branch. A detailed document on

this functionality is placed in Service Desk and

Publicshare for reference.

8.4.1. The restrictions on the nature and extent of

transactions that could be permitted under offline

functionality have got to be approved by the

respective controllers / ZO / LHO / HO.

8.4.2. It has been observed that some branches resort to

simply returning all instruments citing system

failure for non-participation in clearing. This is not

in order. The decision must be taken after obtaining

due approval from the Controller. Branches can and

should utilize available list of balances (loans and

deposits) to deal with most inward clearing

instruments. In particular, pre-paid instruments like

DDs and BCs must not be returned.

8.4.3. However branches should undertake all clearing

related transactions with due caution, as during

offline mode, other delivery channels remains open

and customers may draw out funds in their

accounts. Critical Outward Clearing instruments

may be disposed of at the discretion of the branch,

looking to the nature of transaction, amount, and

relationship with the customer and other factors.

High value clearing may be dealt with in the same

manner but with caution.

8.4.4. Branch may seek the approval of the Controller and

advise Clearing House that the branch would not be

able to participate in regular clearing as per time

discipline laid down. Extension of time may also be

sought if the situation warrants.

8.5. Offline Functionality procedures and guidelines: Special

care should be taken in undertaking transactions during

offline mode. A gist of the guidelines are as under:

8.5.1. Before switching over to offline mode, availability of

latest shadow files in branch server must be


8.5.2. Only users previously logged in at least once can

login during offline mode.

8.5.3. Since limits have already been defined for all users

with capability levels 0, all users can post debit

transactions up to limits set by the Bank for offline


8.5.4. Offline queues should have been set up by running

offlinequeue.sql, which will normally be done

during initial implementation.

8.5.5. Shadow files can be uploaded even in offline mode

and should be uploaded first.

8.5.6. System uses the last available shadow balance file

only even if it is not of current date.

8.5.7. System validates each transaction separately.

Hence, for every debit the system will validate only

against the latest balance reported in the shadow

balance file. It will not update the balance in this

file dynamically. Hence, branch should take extra

care to see that debits beyond the available balance

are not passed, by maintaining a manual record.

8.5.8. All Cash transactions may be done at the branch.

All cash drawer transactions including withdrawal of

cash from Vault by Vault Teller, issue of cash to

tellers, including Head Cashier, and back will be

possible in offline mode. It should be noted that

system processes these transactions using the

Store and Forward mechanism. In effect the

entries will be updated in the system when

connectivity is restored and Store & Forward menu

is used thereafter.

8.5.9. F7 shows transactions posted both under offline and

online modes, based upon the journal entry

available in local system. It does not show

transactions done through other delivery channels

like ATMs and Internet Banking.

8.5.10. Transfer batches can be created. However, system

will only post these batches after connectivity is

restored under the Store and Forward mechanism.

Failed transfer batches after Store and Forward

option is exercised, have to be posted again.

Similarly, failed cash batch transactions also need

to be taken up as per current procedures.

8.5.11. Image view transactions of home branch alone will

be available in offline mode.

8.5.12. Balance report can be printed out for both Deposits

and Loan transactions in offline mode. The

procedure is detailed in the Service Desk under

General Banking Account Balance Report from

Front End.

8.5.13. If connectivity fails more than once during the day,

the same procedure is to be followed as detailed


8.5.14. In the offline mode, SWOs can put through

transactions according to their respective


8.6. Operations at another Core Branch: In case the branch is

unable, for any reason, to operate from its own premises,

then transactions may be put through the nearest Core

Branch. The general guidelines for this purpose are as


8.6.1. Whenever operations are to be conducted at nearby

CBS branch, the home branch users must log in

under their own Branch Code, User ID and with

their existing passwords in the Login Screen at non-

home branch.

8.6.2. All Cash transactions (payments and receipts)

which were manually processed and recorded at

home branch (i.e., the branch at which connectivity

is lost) during the day will be posted and authorized

by the users of non-home branch (nearby branch)

only and not by the users or officers of the home

branch. After posting all cash transactions of home

branch by the users of non-home branch, the net of

cash receipts and payments on account of cash

transactions of home branch should be arrived at

and if the cash receipts of home branch are in

excess of cash payments, net amount will be

debited to home branch through BCGA / IBIT as if it

is a cash remittance to home branch or if the cash

payments are more than cash receipts, net amount

will be credited to home branch through Branch

Clearing General Account as if it is a cash

remittance received from home branch. After this

adjustment, closing cash of non-home branch will

be equal to their physical cash.

8.6.3. When home branch systems become operational,

home branch should respond to the Branch Clearing

General Account TRA / IBIT advice through cash

module. This will update their cash drawer and

physical cash will tally with the system cash.

8.6.4. The users of non-home branch should verify the

cash reports generated at the non-home branch

with the respective vouchers retained as branch

record of the non-home branch.

8.6.5. Customers should be encouraged to use the ATM

wherever possible.

8.6.6. Remittances: Customers may be encouraged to

use services of any other nearest branch.

8.6.7. Clearing Operations: It may be possible to put

through clearing operations of affected branch at

another CBS branch in the same center. This can be

undertaken like other transactions, with a duly

authorized official performing the transactions at

the non-home branch through trickle feed


8.6.8. The VVRs and other reports will be generated for

the home branch for such transactions, which

should be thoroughly checked. All daily reports will

be available in the branch server when connectivity

is established / restored or may be downloaded

from the nearby branch.

9. General:

9.1.1. It is very important that customers are advised of

the problems at the branch and in general terms of

the inability of the branch to provide the full range

of services. Their cooperation should be solicited,

in bearing with the Bank for the delay. In no case

should the customers be turned away without

explaining the reasons for the delays in service and

every effort should be made to accommodate their

reasonable requests. They may be advised of the

availability of alternate channels (ATM and Internet

Banking) providing the location details of the

nearest ATM and CBS branch if necessary.

Controllers should be kept informed of all

developments and for any guidance and assistance

in dealing with customers.

9.1.2. A proper and complete picture of the problems

faced and the nature of requirement at the branch

must be presented while communicating with the

Controllers, ZOCC/EDP, ITS DEPT/CPPD or CDC in

order to enable them to appreciate the issues better

and provide proper guidance.

9.1.3. Appropriate action on the lines suggested above

has to be initiated. However, it is advisable that the

decisions are taken after consultation, including

with staff and officers of the Bank, so that all

factors are considered before a decision is taken. It

should be noted that it would not be possible to

restore services or provide the full range of services

immediately. Hence, a reasoned view of what

services should be extended must be taken.

9.1.4. The branch may identify a group of staff and officer

employees responsible for all actions under the DRP

/ BCP. They will be responsible for undertaking

recovery actions, and conducting critical business

functions during the breakdown period. Their role

and responsibilities must be clearly documented

and advised to them.

9.1.5. An emergency contact list must be maintained at

the branch, both with the Branch Manager as well

as in the system room. The list should include

contact names, addresses, phone and cell numbers,

email addresses of the service personnel, systems

(hardware vendor), network (Datacraft), power,

ACs, Printers, Stationery, Media suppliers,

telephone services etc., It should also include the

contact details of key branch personnel, Controller,



9.1.6. Spare support equipment like printers, media,

cables, network components, extension boards,

stationery including security forms should be

maintained depending upon the size and criticality

of operations at the branch.

9.1.7. Spare server duly pre-configured be maintained at

Zonal Offices/Regional Offices/key branches.

9.1.8. Branch should have a clear plan on utilizing the

existing manpower, particularly when leave is being

availed of. Alternate personnel for all key functions

in CBS such as Head Cashier, Accountant, Field

Officer, DECO / SWP should be identified in advance

and used accordingly. This should not be left to be

decided only when situation arises, as sometimes, it

will become necessary to advise CDC for user

creation, providing access rights etc., in advance.

9.1.9. It should be the endeavor of the Branch to provide

a reasonable level of satisfactory services even in

time of disaster. Only proper planning and advance

preparation for dealing with such situations can

help the branch in rendering continued customer






This exercise is to be conducted by the branch during the first week of

January every year and reviewed at quarterly intervals (April, July &

October) and submitted to the respective Controlling Authority.


1. Name of the branch / code number:

2. Date of migration to core banking system:

3. Date of last approved Disaster Recovery Plan:

4. Date of I&A / RBI/ System Audit and compliance status of DP&RP

irregularities, if any:

1. _________________

2. _________________

3. _________________

5. Asset Inventory:

a. Specification of database servers installed at the branch:

1. ________________

2. ________________

3. ________________

4. ________________

5. ________________

b. Specification of any other server installed at the branch:

1. _______________

2. _______________

3. _______________

4. _______________

5. _______________

c. Details of Software installed at the branch including software


S.NO Software Details of license







d. Specification of terminals installed at the branch:

1. ________________

2. ________________

3. ________________

4. ________________

5. ________________

6. ________________

e. Number of Terminals:

S.NO Particulars Num ber

1. Number of Operator / SWO terminals

2. Number of Officer terminals

3. Number of terminals at the system room

4. Others


f. Number of printers:

S.NO Particulars Specification Num ber

1. Passbook Printers

2. Draft Printers

3. Laser Printers

4. Inkjet Printers

5. Dot Matrix Printers

6. Line Printers

7. Other Printers


g. Specification of UPS System / Batteries:

1. _______________________

2. _______________________

3. _______________________

4. _______________________

h. Specification of Generator System:

1. _______________________

2. _______________________

3. _______________________

4. _______________________

5. _______________________

i. Specification of Network installed at the branch:

1. _______________________

2. _______________________

3. _______________________

j. Whether branch has ATM? If yes, specification of ATM:

1. _______________________

2. _______________________

3. _______________________

k. Location and address of ATM (s): -








6. Threat inventory: (The list is only indicative. Please identify and list

out all the perceived threats of your branch) Put a check mark in

the field describing the applicable cause.

S.NO. Identify areas posing Potential causes which

threats to the branch m ay lead to disastrous

towards disaster. interruption.

1. External environment Premises prone to dust or

surrounding the branch other contaminations.

premises. Premises prone to noxious


Premises located in proximity

to a center storing / dealing

with hazardous materials.

Premises located in Flood

Prone area.

Premises located in the

region, which is prone to

heavy rains.

Premises located in

Earthquake Prone area.

Premises prone to Storm.

Premises prone to Waves /


Premises prone to Fire.

Premises prone to frequent

power failures.

Area prone to riots, strikes,


2. Internal or immediate Unsafe construction of the

environment within the branch premises, total or partial.

premises. Perceived threat of theft,

robbery, vandalism etc.,

Dampening of roof.

Unsafe cabling for electrical


Poor drainage facility.

Unkempt stationery room.

Perceived fire threat.

Perceived power failure.

3. System & Network failures Server crash.

Minor problems with the


Problems with Nodes.

Problems with Printers.

Generator failure.

UPS failure.

Connectivity problems.


7. Control Mechanism - Existing: (The list is only indicative. Please

identify and list out all the control mechanisms available at your


Software Security and support provision:

Whether backup media is stored onsite in a fire proof safe?


Arrangements for storing same day's backup media

overnight outside the Branch premises: (Yes / No)

Backup media for daily / weekly / month-end / quarter-

end / year-end stored at:







1. Appropriate checks have been adopted for electronic access

control of unauthorized users in the network as well as in

the software through password protection of users.

2. Different users have been given appropriate rights.

3. Auto time out functionality is in force.

4. All data input are subject to Maker-Checker concept.

5. Appropriate monitoring system is adopted to ensure second

level of checking of VVR and other system generated

reports / statements.

6. The Anti Virus software is update and run at stipulated

periodic intervals.

7. Conversion or system audit has been carried out

immediately after the branch went live.

8. Staff members are aware of Off Line functionality and can

serve the customers during connectivity blackouts.

9. Whether emergency telephone / Mobile Nos., e.g.,

Controller, CDC-Belapur, Service-Desk, ITSS Department-

LHO, ZOCC, Branch Disaster Recovery Team Members,

Hardware Vendors, UPS Vendors, Fire Brigade, Security

Officer, Police Station, etc., for communicating during an

emergency, have been prominently displayed at branch


10. Whether Admin Password is kept securely in a sealed

cover and is not being accessed without recording it in

Admin Access Register?




Checklist for Hardware:


1. Whether configuration of the hardware equipment matches

with the ordered for the branch by LHO?

2. Whether stand-by Generator set of required capacity has

been provided at the branch?

3. Whether network cable line has been kept separated from

the electrical cable?

4. Whether line printer has been placed separately but

adjacent to system room to avoid paper dust out of the


5. Whether hardware equipments have been insured for full

value through the respective Controller / as per existing

arrangement prevalent in Associate Banks?

6. Whether communication lines between the branch and CDC

as well as FPLB (Focal Point Link Branch) are working


7. Whether the leased lines for PSTN/VSAT for dedicated links

between branch and CBP are in order and whether payment

of the bills for the telephone lines is up-to-date?

8. Whether the leased lines for ISDN for redundancy for

dedicated links between branch and CBP are in order and

whether payment of the bills for the telephone lines is up-


9. Whether testing has been done regarding auto-change over

from primary line to ISDN line in case primary link failure?

10. Whether IP Phone, direct telephone line to Controller, CBP-

Navi Mumbai, ITSS Department-LHO and ZOCC is available

and whether payment of the bills for the telephone lines is


11. Whether free disk space on Branch Server is being

monitored to ensure that adequate free disk space is






Checklist for reducing environmental contaminations:


1. No-smoking policy in the branch premises and the system

room is enforced.

2. It is ensured that the air-conditioners in the branch and the

system room have been working in a prolific manner. The

air-conditioners are inspected for wear and tear at regular

intervals to ensure its functioning at optimum level of

temperature sufficient to keep the inside environment clean

and dust free. Also it is ensured that air-conditioner is not

drawing in unfiltered air from the outside environment as

this may inject urban pollution, including metallic

contamination, to the branch premises and system room.

3. It is ensured that the line printer has been kept at a

separate compartment adjacent to the system room to

avoid infusion of carbonaceous contaminants, e.g., paper

dust and printer toner into the system room.

4. It is ensured that each node is kept covered overnight after

the days work.

5. Arrange for computer room maintenance and cleaning at

regular intervals with vacuum cleaners with brush less

rotors, and non-ionic cleaning solutions.

6. It is ensured that periodical anti-pesticide treatments are

carried out at the system room and the branch premises.

7. It is ensured that food & drink not allowed inside the

system room.

8. Whether insecticide, rat-repellent, etc. are regularly

sprayed and used at the branch?

9. Whether air conditioning system is installed in the server

room and whether Thermometer / Hygrometer has been

fixed at Server Room to check if the temperature is

0 0
maintained at 18 to 20 and Relative Humidity (RH) at

80% ?





Fire prevention checklist:


1. Whether a no-smoking policy has been established and

followed at the branch and combustible articles removed

from the branch premises?

2. Are smoke detectors installed? If so, do they respond to


3. Are fire exits clearly marked and unobstructed?

4. Are fire suppression capabilities such as ceiling sprinklers,

standpipes, hose assemblies where prescribed and fire

extinguishers in evidence?

5. Are inspection labels on fire extinguishers current?

6. Is there arrangement for periodic inspection of all electrical

devices, extension cords, electrical wiring etc., by an expert


7. Are the room walls of system room fire rated?

8. Is there any arrangement for annual inspection of fire

prevention facilities at the branch premises by local fire

protection authority?

9. Are the fire awareness posters in evidence?

10. Does the branch conduct regular fire evacuation drills and

discuss disaster prevention awareness program with the

branch staff?

11. Can an employee tell you the approximate date of last fire

drill conducted at the branch?

12. Are wastepaper bins or printer paper stacked near the

electrical fixtures or equipment?

13. Whether fire insurance policies have been kept current with

due noting in branch document register?

14. Whether the branch security staff is trained in handling the

Smoke detector and fire extinguisher equipments installed

at the branch?

15. Whether an emergency EXIT has been provided at the

branch premises for use in a Disaster and whether all staff

have familiarised themselves with all available means of

exit from the building, including those that are not normally

used during regular working hours?


Checklist for reducing probability of Power caused disasters:


1. Is the utility point of service entry providing the

connections between local power utility and the branch

facility known to the member of the disaster recovery team

of the branch?

2. Is there any evidence of overloaded outlets within the


3. Are loose extension cords in evidence in traffic paths?

4. Whether power and surge protection requirements have

been identified and adequate surge protection devices have

been installed?

5. Whether primary source of electrical power has been

provided to branch?

6. Whether UPS system of adequate load capacity installed?

7. Whether adequate maintenance arrangements have been

made for the UPS system and its batteries?

8. Whether in case of a power failure, the UPS system gets

invoked as an instant backup?

9. Whether dedicated UPS can support the server and

desktops in case of elongated power supply interruption?

10. Whether emergency generators have been installed at the

branch to avoid disaster due to prolonged power


11. Is there any diagram of electrical cabling displayed at a

prominent place of the branch for information & awareness

of all concerned?

12. Has the LAN cabling been kept separated from the electrical








Checklist for prevention of water intrusion:


1. Is recent water damage evident on the walls, floors, or

ceiling arising out of plumbing leakage, leakage from

mainframe water-cooling systems or air conditioner or

faulty sprinkler systems?

2. Does water, sewer, or drainpipes pass through ceilings or

walls of the system room?

3. Is regular check up of the existing water intrusion control

facilities carried out?

4. Does the branch regularly carry out cleaning of the

hardware equipment with moisture absorbent dry cloth,

particularly during monsoon, to keep off moisture?







Checklist for Physical Access Control:

1. Identify electronic or manual locks on the doors of the

system room to ensure that entry in restricted.

2. Authentication control (through automatic locking of door)

is being followed to allow only authorised personnel to enter

system room or other sensitive areas within the system.

3. Establish a physical security awareness program for system

room personnel.

4. System room access register to be maintained properly

logging the names of the personnel accessing the system

room and the systems. The branch head should check the


5. Appropriate exit control measures are being followed to

control removal of sensitive data or equipment / component

from the branch or system room.

6. Authentication control measures should be designed so as

not to impede the disaster recovery functions during an

emergency, e.g., security measures should not restrict

access to the system room during emergency to shut down

the server or remove vital records.

7. Where electronic or mechanical locks are used, the key

codes or the copies of the keys (for manually operated

locks) should be kept in a sealed envelope, to be opened

only in event of an emergency. Ensure that this so-called

blind-drop method, established for access control

information, is not revealed to all except in an emergency.

8. Obtain copies of keys or key codes that may be used to

surmount physical access controls in an emergency.

Checklist for Document Distribution list and maintenance:


1. Whether a copy of the latest approved DRP / BCP has been

handed over against acknowledgement to (a) Controlling

Authority, (b) Branch Head and (c) Each member of Branch

Disaster Recovery Team and the acknowledgement kept as

branch record?

2. Hard copy as well as soft copy of the latest approved DRP /

BCP is retained as Branch Document.

3. A copy of the DRP / BCP signed by each member of the

staff in token of having read and understood the same is

recorded as Branch Document.

4. The DRP / BCP is reviewed at quarterly intervals.

5. Whether the approved copy of quarterly review of DRP /

BCP kept in Branch Document?







8. Control Mechanisms Required: (Items marked NO in 7.Control Mechanisms

Existing are to be listed out below. The list given below is only indicative)

S.NO Incidence Assets Preventive Corrective Solution Cost

Affected Measures Measures proposed Estim ated

1. Unavailability Data Daily backup Daily backup Daily ---

of data. of data, and of data, and backup of

reports. reports. data, and


2. Seepage. All Periodic AMC Vendor,

checking of if computers

premises by are affected.



3. Dust All Regular Support from Outsource -----

Pollution. cleaning by premises Cleaning

trained department operation.

persons and for repairs to

preventive premises,

maintenance AMC vendor

by AMC in case of

vendor. computer


4. Fire. All Fire Monitoring of Provide ---

Extinguisher, Fire training to

No Smoking Extinguisher all staff.

Policy. AMC and Detailed Fire

training to drill training

staff. to be given

to staff.

5. Faulty All Periodic Availability of AMC to be -----

Wiring. checking of Electrical entered in

all wiring. Diagram. to with




6. Power All UPS / AMC of UPS / Improve ---

Failure. Generator of Generator. capacity of

required UPS /

capacity. Generator

or replace


7. Machine All AMC with AMC vendor, Maintain ---

Malfunction. Hardware ZOCC/EDP Hardware

vendor - phone register /

---------- numbers monitor at

displayed in monthly

emergency intervals.


8. UPS failure All AMC with Monitoring of Upgradation ---

UPS Vendor - UPS / Vendor of UPS /

---------- performance. Generator

or replace


9. Network All AMC with Network

failure Network diagram

vendor - available,

---------- Telephone

numbers of







9. Action plan. Once approved by the controllers this can be displayed at the branch:

(This list is only indicative. This is to be prepared based on different scenarios that can

interrupt business operations of the branch.)

S.NO. Scenario Team Emergency Recovery Plan

m em bers Plan

1. Fire Ms. Raise the alarm. Assess the

Call the Fire damage and

Service. (All decide if the

emergency premises can be

numbers to be put to use.

displayed at the


Mr. Put off the main Check the

power switch. power situation

with experts



Mr. Attack the fire Reinstall the

origin with computers and

extinguisher. start the work.

This can be at


location. In the

same premises

if action 2 is


Mr. Guide the Reload the data

evacuation of from backup if

the premises. required.

Mr. Inform the Prepare a

concerned report, arrange

parties. for insurance

claim etc.,

2. Power failure. Ms. Observe the

working of

computer to

ensure that the

UPS is giving

the required


Mr. If UPS is down, Prepare a

call the Service report, restore

provider. the system, and

contact CDC for

unlocking users.










Checklist for Post-Disaster Management Activities:

1. Location/address/telephone number of the backup media

storage centre:

2. Location/address/telephone number of the designated CBS

branch or continuing operations following a disaster:

3. Insurance company to be informed about the loss and

formalities initiated for lodging insurance claim:

4. All members of disaster recovery team of the branch have been

assigned responsibilities for handling duties in terms of the

recovery management plan.

5. The controlling authority and Crisis Management Teams at LHO

and Zonal Office informed of the incidence of disaster.

6. In event of a hardware problem of serious nature or server

crash, call hardware engineer for support. If the problem is

likely to continue for indefinite period, arrange for shifting

stand-by file server from the designated off-site centre to the

branch for restoration of services.

7. If the branch site becomes completely inaccessible due to fire

or other natural calamities or otherwise, contact the crisis

management team at LHO/ZO, assemble the recovery team

members of the branch. Assign them the respective duties,

initiate actions for shifting operations to a designated nearby

CBS branch.

8. Arrange for remittance of manageable cash, adequate security

arrangements, transit insurance, staff augmentation etc., at the

nearby CBS branch.

9. Suitable notifications have to be arranged for information of

general public about the disaster, requesting customers to

operate their banking transactions from the substituted

backroom centre.

10. Controlling authority has to be apprised of the developments

from time to time.

11. All efforts to be continued for fast restoration of the lost

capabilities at the original branch site for resuming normal



Date: Signature of Branch Manager

Checklist for testing approved disaster recovery plan:

1. A disaster recovery team has been constituted (List of Yes/No

the team members to be appended) at the branch for

undertaking activities relating to disaster prevention and

post-disaster recovery of the branch operations.

2. The branch recovery team has been maintaining liaison Yes/No

with the LHO/ZO crisis management team members.

3. Last date of in-house meeting of the branch recovery


4. Last date of meeting of branch team with LHO/ZO team:

5. Drill on disaster recovery management held at the

branch on:

6. Certificate for holding D.R. Test submitted by the branch

to the controlling authority on:

7. Type of D.R. Test conducted at the branch:

Scenario I:

Scenario II:

(Each scenario depicts simulation of interruptions caused by

the potential threats surrounding the branch environment,

including H/W failure, Software related problems, power

failure and other infrastructure factors).

8. Results of D.R. Test conducted:

9. Obstacles faced in conducting D.R. Test:

10. Shortcomings observed in the test noted for


11. Proposed date for next D.R. Test:

DATE: Signature of Branch Manager












S.NO Actions Purpose Cost Tim e Rem arks

Proposed Estim ate Fram e



S.NO Actions Proposed Purpose Cost Tim e Rem arks

Estim ate Fram e