The Business Continuity Management System (BCMS) aims to minimise the impact and duration of interruptions of business-critical processes in the event of an emergency or any disruption of relevant resources.


    Organisation and responsibilities

    The ECC and EEX Management Boards are responsible for the internal BCMS and any changes to it. The Continuity Management Function performs a definitory, advisory, coordinating, supervising, and validating role. Business continuity measures are implemented and tested under the responsibility of the respective organisational unit or function. The Continuity Management Function is responsible for Business Continuity Management, ICT Service Continuity Management and Incident & Crisis Management as part of the BCMS.

    Contingency plans are created and validated at several levels:

    • organisation-wide emergency manual,
    • mission-critical processes by the respective operating departments,
    • mission-critical ICT resources,
    • mission-critical service providers, and
    • pre-designed scenario-specific Incident & Crisis Management procedures and scenario-specific crisis communication plans.

    The EEX/ECC BCM framework is designed according to the relevant aspects of the EEX/ECC business and risk strategy as well as the applicable regulatory requirements. It is reflected in and communicated through various internal documents, including

    • a dedicated BCMS policy,
    • organisational guidelines for Incident and Crisis Management, and Critical Service Provider Continuity, and
    • Business Impact Analysis, IT Service Continuity Management, contingency planning and testing as well as Crisis Management procedures.

    Collectively, the operational procedures and the contingency plans created under the BCM framework define roles and responsibilities to ensure business continuity in the event of an incident, emergency or crisis.

    Mission-critical processes and related resources

    Mission-critical processes as well as the underlying time-critical technical and organisational resources are defined in the Business Impact Analysis (BIA) and reviewed at least annually. 

    The business-critical departments prepare and continuously update adequate contingency plans for the failure scenarios described below. All employees know their contingency plans and regularly work from the back-up office to familiarise themselves with the secondary site and with emergency processes such as the activation of alternative processes and resources.

    To secure the execution of the mission-critical processes in line with the applicable period, the recovery time (RTO) must be shorter than the maximum tolerable period of disruption (MTPD). Where possible, preventive measures are taken to ensure timely availability and recoverability. 

    All employees are regularly trained on contingency plans and frequently work from alternative workplaces to familiarise themselves with the emergency processes. Contingency plans are regularly tested and validated under the supervision of the Continuity Management Function; deficiencies are identified, and activities are defined and continuously managed until remediation. The management board is regularly informed about continuity readiness.

    Failure scenarios and business continuity strategies

    The following failure scenarios are considered in the Business Impact Analysis and form the basis for contingency planning.

     

    Workspace unavailability:
    • No primary office access
    • No backup office access
    • No facilities accessible
    • No power / electricity

    Staff unavailability:
    • No or not enough staff at primary location
    • No or not enough staff at backup location

    Unavailability of IT Resources:
    • No Internet
    • No Telephone Connection
    • No internal/external connectivity
    • Application unavailable
    • IDP unavailability

    Service Provider unavailability:
    • Unavailability of critical Service Provision*
    • Unavailability of critical infrastructures**

    * Disruptions of provided IT Resources are covered under “Unavailability of IT Resources” 
    ** This concerns third-party infrastructures that EEX/ECC are reliant upon, but which are not managed as a procured service, e.g. Central Banks and their payment infrastructure (e.g. T2), Energy Market infrastructure, etc. 

    Workspace unavailability

    For cases of emergency, a back-up office with fully equipped workstations is available for all mission-critical departments. The back-up office is equipped with a redundant infrastructure connection from the primary office. Furthermore, remote access makes it possible to switch all mission-critical processes, e.g. to home office.

    Staff unavailability

    To ensure a robust level of redundancy during emergencies, mission-critical processes can be carried out by trained personnel through measures such as job rotation, targeted education and training, distributed operations, and business transfer. Shift planning ensures that a minimum degree of personnel resources is always available. 24/7 availability is ensured by means of remote access.

    IT unavailability

    To ensure the high-availability operation of mission-critical applications, EEX/ECC uses redundant data centres with redundant connections and power supply lines. In the event of the failure of a critical component in one data centre, operation is automatically switched to the other data centre without loss of data and before the defined critical cut-off time. 

    Supplier unavailability

    Before outsourcing services, EEX/ECC examines the performance of new service providers and establishes service levels which are monitored continuously. Mission-critical suppliers must comply with the defined recovery parameters for EEX/ECC mission-critical processes. 

    Training, testing, and control

    All employees are informed of the plans and regularly work from alternative workplaces to familiarise themselves with the emergency processes. Continuity Management arrangements are regularly tested and validated under the supervision of the Continuity Management Function; weaknesses are identified, and remediating measures are defined and managed until completion.

    Contact

    For any inquiries please contact:

    Continuity Management

    continuity.management@ecc.de