TaxTMI 
TaxTMI 
TaxTMI 
Guidelines for Business Continuity Plan (BCP) and Disaster Recovery (DR) of Qualified RTAs (QRTAs)
X X X X Extracts X X X X
X X X X Extracts X X X X
.... and perform systemically critical functions uninterruptedly in the securities market. 2. In view of the above, based on consultation with Technical Advisory Committee (TAC) of SEBI, it has been decided to issue guidelines for strengthening overall resiliency, the procedures at / governance of QRTAs for handling disruption, augmentation of systems and practices to achieve better Recovery Time Objective ("RTO") and Recovery Point Objective ("RPO"), and to improve overall preparedness by conducting periodic announced / unannounced drills. Hence, QRTAs are required to comply with the following framework for BCP and DR: 3. Organizational Resilience and Documentation 3.1. QRTAs shall have in place Business Continuity Plan (BCP) and Disaster ....
X X X X Extracts X X X X
X X X X Extracts X X X X
....mic zones and in case due to certain reasons such as operational constraints, change of seismic zones, etc., minimum distance of 500 kilometre shall be ensured between PDC and DRS so that both DRS and PDC are not affected by the same disaster. 4.2. Hardware, system software, application environment, network and security devices and associated application environments of DRS and PDC shall have one to one correspondence between them. 4.3. QRTAs should develop systems that do not require configuration changes at the end of AMCs/other regulatory entities for switchover from the PDC to DRS. 4.4. In the event of disruption of any one or more of the 'Critical Systems' (an indicative list for QRTAs catering to AMCs is given below), the QRTA shal....
X X X X Extracts X X X X
X X X X Extracts X X X X
.... be within stipulated RTO and ensure high availability, right sizing, and no single point of failure. 4.11. Replication between PDC and NS should be synchronous to ensure zero data loss whereas, the one between PDC and DRS and between NS and DRS may be asynchronous. 4.12. Adequate resources (with appropriate training and experience) should be available at all times to handle operations at PDC, NS or DRS, as the case may be, on a regular basis as well as during disasters. 5. DR drills/Testing 5.1. QRTAs shall conduct periodic training programs to enhance the preparedness and awareness level among its employees and outsourced staff, vendors, etc. as per BCP policy. 5.2. DR drills should be conducted on a quarterly basis. These drills sh....
X X X X Extracts X X X X
X X X X Extracts X X X X
....mbers working at DRS have the abilities and skills to run live operations session independent of the PDC staff. 5.10. QRTAs shall include a scenario of intraday shifting from PDC to DRS during the mock operation sessions in order to demonstrate its preparedness to meet RTO/RPO as stipulated above. 5.11. QRTA should undertake and document Root Cause Analysis (RCA) of their technical/ system related problems in order to identify the causes and to prevent reoccurrence of similar problems. 6. BCP - DR Policy Document 6.1. QRTAs shall put in place a comprehensive BCP-DR policy document outlining the following: 6.1.1. Broad scenarios that would be defined as a Disaster for an QRTA (in addition to definition provided in para 4.4/4.5 of this ....
X X X X Extracts X X X X
X X X X Extracts X X X X
....entities to its critical systems and networks. 6.4. In case a QRTA desires to lease a DR premise from other entities (MII / Other Regulated Entities / Service Providers) the QRTA should ensure that such arrangements do not compromise confidentiality, integrity, availability, targeted performance and service levels of the QRTA's systems at the DRS. QRTAs should also ensure that proper segregation and monitoring is undertaken so as to isolate cyber events in the systems 6.5. The QRTAs should execute appropriate agreements with the corresponding Service Providers entailing Service Level Agreements, segregation details and obligations of the Service providers during normal operations and during "Disaster". 7. Considering the above, QRTAs are....