Hewlett-Packard Company

Business Continuity Strategy

Definition for
QIIB
Prepared by: Tomas Nilsson MBCI
Senior Consultant
tomas.nilsson@hp.com
Project Document Id: Business Continuity Strategy Definition
Date Prepared: 2008-02-03
QIIB BCP IT Continuity Plan
QIIB Project ID No.:

Document Information
Project Name: BCP Project
Prepared By: Tomas Nilsson MBCI Document Version No: 1.2
Title: Senior Consultant Document Version Date: 2008-02-28
Reviewed By: Review Date:

Distribution List
From Date Phone/Fax/Email
Tomas Nilsson 2008-02-28 tomas.nilsson@hp.com

To Action* Due Date Phone/Fax/Email

Ahmed Tawfiq Review 2008-02-29 ahmedtawfiq@qiib.com.qa

* Action Types: Approve, Review, Inform, File, Action Required, Attend Meeting, Other (please specify)

Version History
Ver. No. Ver. Date Revised By Description Reviewer Status
0.1 2008-01-28 TN First draft/template Self Completed
0.2 2008-01-29 TN Input from BIA and RA Self Completed
1.0 2008-02-03 TN Final Self Completed
1.1 2008-02-06 TN Forgotten department added AT Approval
1.2 2008-02-28 TN Final after QIIB review AT Approval

HP Global Method HP Restricted Page 2 of 24

Document Version: 1.2 / 2008-02-28 © Copyright 2021 Hewlett-Packard Development Company, L.P. 519323166.doc
Project Document Id: Business Continuity Valid agreement required. Last changed: 03 April 2008 at 08:18
Strategy Definition
QIIB BCP IT Continuity Plan
QIIB Project ID No.:

Proprietary Notice
No part of this document (including any designs) may be reproduced in any form, published, broadcast or
transmitted or have an adaptation made of it, except with the prior written permission of Hewlett-Packard
Company to parties outside of QIIB.

Hewlett Packard makes no warranty of any kind concerning this document, including, but not limited to, the
implied warranties of merchantability and fitness for a particular purpose. Hewlett Packard shall not be liable for
errors contained herein or direct indirect, special incidental or consequential damages concerning the
furnishing, performance, or use of this material.

© Copyright 2007 Hewlett-Packard Company

HP Global Method HP Restricted Page 3 of 24

Document Version: 1.2 / 2008-02-28 © Copyright 2021 Hewlett-Packard Development Company, L.P. 519323166.doc
Project Document Id: Business Continuity Valid agreement required. Last changed: 03 April 2008 at 08:18
Strategy Definition
 QIIB BCP IT Continuity Plan
QIIB Project ID No.:

Table of Contents
Proprietary Notice.............................................................................................................................................. 3
1 Executive Summary................................................................................................................................... 6
1.1 Summary of Key Findings and Recommendations............................................................................6
1.2 Conclusion......................................................................................................................................... 7
2 Introduction................................................................................................................................................ 8
3 Acknowledgements.................................................................................................................................... 9
4 Scope, Objectives and Assumptions..................................................................................................... 10
4.1 Scope.............................................................................................................................................. 10
4.2 Objectives........................................................................................................................................ 10
4.3 Assumptions.................................................................................................................................... 10
5 Business Continuity Strategy................................................................................................................. 12
5.1 Recovery Requirements.................................................................................................................. 12
5.1.1 Work Area Recovery....................................................................................................................... 12
5.1.2 IT Recovery..................................................................................................................................... 13
5.1.2.1 IT recovery requirements in the event of a total relocation from Main site.........................................................13
5.1.2.2 IT recovery requirements in the event of a total relocation from Hilal Call Centre site......................................14
5.1.2.3 IT recovery requirements in the event of an incident affecting IT only...............................................................14
5.1.3 Hard Copy Documentation Requirements.......................................................................................15
5.1.4 Mailroom Requirements.................................................................................................................. 15
5.1.5 Voice Communication Requirements.............................................................................................. 15
5.1.6 Network Requirements.................................................................................................................... 15
5.2 Recovery Strategy........................................................................................................................... 16
5.2.1 Work Area Recovery....................................................................................................................... 16
5.2.1.1 Main site............................................................................................................................................................. 16
5.2.1.2 Call Centre......................................................................................................................................................... 17
5.2.1.3 Alternative Strategy............................................................................................................................................ 17
5.2.2 IT recovery...................................................................................................................................... 17
5.2.2.1 Server recovery.................................................................................................................................................. 17
5.2.2.2 Data recovery..................................................................................................................................................... 19
5.2.2.3 PC recovery....................................................................................................................................................... 19
5.2.3 Hard Copy Documentation Recovery..............................................................................................19
5.2.4 Mailroom Recovery......................................................................................................................... 19
5.2.5 Voice Communication Recovery..................................................................................................... 20
5.2.6 Network Recovery........................................................................................................................... 20
Appendix A – IT Recovery Time Objectives by department.........................................................................21
Appendix B – Summary of Shortest Requested Recovery Time Objectives..............................................22
Appendix C – IT Recovery Capability............................................................................................................. 23

HP Global Method HP Restricted Page 4 of 24

Document Version: 1.2 / 2008-02-28 © Copyright 2021 Hewlett-Packard Development Company, L.P. 519323166.doc
Project Document Id: Business Continuity Valid agreement required. Last changed: 03 April 2008 at 08:18
Strategy Definition
 QIIB BCP IT Continuity Plan
QIIB Project ID No.:

Appendix D – Workplace Relocation Suggestion............................................................................................... 24

HP Global Method HP Restricted Page 5 of 24

Document Version: 1.2 / 2008-02-28 © Copyright 2021 Hewlett-Packard Development Company, L.P. 519323166.doc
Project Document Id: Business Continuity Valid agreement required. Last changed: 03 April 2008 at 08:18
Strategy Definition
QIIB BCP IT Continuity Plan
QIIB Project ID No.:

1 Executive Summary
The business recovery strategy needs to be able to cater for the following situations:
 Loss of hardware (e.g. IT equipment, LAN, test equipment)
 Loss of physical environment (e.g. due to fire, flood, power failure)
 Denial of access to buildings (e.g. terrorist threat, suspicious death)
 Loss of department/enterprise-wide service (e.g. virus attack)

1.1 Summary of Key Findings and Recommendations

The work area (office accommodation) recovery strategy needs to be able to cater for 71 people within the first
day, rising to 97 after 2-4 days. Eventually approximately 150 people need to be relocated. Utilising existing
QIIB premises, these requirements can be met by:
 Using the Call Centre Training room and the (planned) Wakrah recovery site
 Distributing 25 main branch staff over selected (preferably bigger anc centrally located) Doha branch
offices
 Distributing an additional 15-20 work area positions for headquarter staff over various Doha branch offices

As a long term solution, e.g. should the main site be totally destroyed, sourcing serviced office facilities could
be considered. But for immediate and mid term relocation needs this strategy should be sufficient.

There is a heavy reliance on the IT infrastructure. The Recovery Time Objective (RTO) for critical IT systems
range from virtually zero to 2 weeks. The majority must be available within 24 hours. This dictates that most
recovery servers and storage must be dedicated, but ship-to-site replacement equipment should also be
utilised:
 Split current “mission-critical” Windows and Unix server configurations between Main site and Wakrah
o Clustering and load balancing could be considered in the longer term
 Keep current strategy for AS/400
 Use a combination of dedicated and ship-to-site (if available) equipment for less critical servers and PCs
 Introduce remote backup
 Replicate critical data also on Windows and Unix
 Consider implementing a SAN
 Make daily centralised PC backup compulsory
 Maintain and keep standard PC images also for laptops.

There is significant reliance on hardcopy documentation. Important documents are poorly protected and a
number of these would be difficult or impossible to recreate. This is a known implication of Islamic banking and
is difficult to address, but the following should at least be seriously considered:
 Scan current and frequently used documentation and store electronic copies off site.
 Copy non-current documents and store at two different locations.
 Initiate discussions re legality in crisis situations with regulators and other relevant parties

The main print and mail equipment is hosted in the Main site mailroom. This is a single point of failure, and
should be remedied:
 Outsource entire printing and mailing function to a third party provider
o or
 Contract with a third party provider for printing and mailing in case original equipment is unavailable

Voice communication is critical for the Call Centre services, but is also important for the Main office, especially
so in a crisis situation:
 Ensure there is PABX capability and link capacity also at the recovery site.
 Arrange with Qtel for emergency re-routing of incoming calls
 Consider using mobile phones and e.g. Skype during the very initial recovery

HP Global Method HP Restricted Page 6 of 24

Document Version: 1.2 / 2008-02-28 © Copyright 2021 Hewlett-Packard Development Company, L.P. 519323166.doc
Project Document Id: Business Continuity Valid agreement required. Last changed: 03 April 2008 at 08:18
Strategy Definition
QIIB BCP IT Continuity Plan
QIIB Project ID No.:

It is assumed that WAN links of sufficient capacity connects the in scope sites, but a common cause of
disruption is loss of communication lines. With only one provider it is hardly realistic to remove SPOFs but
given the circumstances the following can be recommended:
 Configure WAN links between main and recovery sites in a triangular fashion
 Make sure that branch and ATM networks are connected to both Main and Recovery site
 Consider satellite or IR links as backup for main WAN links

1.2 Conclusion
Today only the AS/400 environment and Active Directory stand any chance to be recovered from a disaster.
Current QIIB plans for improving disaster readiness prove that the issue is taken seriously. IT disaster
readiness can relatively easily be improved. One challenge is that the Wakrah recovery site will most probably
not accommodate enough work area positions required. Another, and bigger, challenge is to design and
implement effective recovery procedures for the big amounts of critical hard copy documentation.

HP Global Method HP Restricted Page 7 of 24

Document Version: 1.2 / 2008-02-28 © Copyright 2021 Hewlett-Packard Development Company, L.P. 519323166.doc
Project Document Id: Business Continuity Valid agreement required. Last changed: 03 April 2008 at 08:18
Strategy Definition
QIIB BCP IT Continuity Plan
QIIB Project ID No.:

2 Introduction
Qatar International Islamic Bank (QIIB) is the leading Islamic bank in Qatar, managing 8 Billion QAR of assets
& equity and employing 310 staff. Islamic banking is a rapidly growing business, prompting more and more
banks to offer Islamic banking services. This increases the competitive pressure on QIIB. Qatar Central Bank
(QCB), the governing body of the Qatari financial services sector, has recently regulated that a business
continuity programme is mandatory for all banks. To protect its competitiveness and to meet regulatory
requirements QIIB has therefore initiated a business continuity project with the objective to implement a
business continuity programme. This Business Continuity Strategy Definition is the third step of this process.

This document summarises the findings from the BIA study conducted of QIIB operations within the Doha
headquarter and main branch site between 11th December and 18th December 2007, and the Risk Assessment
conducted between 8th January and 11th January 2008. It considers appropriate Business Continuity
Management (BCM) strategies and makes recommendations for ensuring the strategy and recovery solutions
meet the requirements of the business.

HP Global Method HP Restricted Page 8 of 24

Document Version: 1.2 / 2008-02-28 © Copyright 2021 Hewlett-Packard Development Company, L.P. 519323166.doc
Project Document Id: Business Continuity Valid agreement required. Last changed: 03 April 2008 at 08:18
Strategy Definition
QIIB BCP IT Continuity Plan
QIIB Project ID No.:

3 Acknowledgements
The author would like to take this opportunity to thank Mr Ahmed Tawfiq for his continuing support pf this
project, and to all other QIIB employees who have willingly and promptly supplied information and guidance.

HP Global Method HP Restricted Page 9 of 24

Document Version: 1.2 / 2008-02-28 © Copyright 2021 Hewlett-Packard Development Company, L.P. 519323166.doc
Project Document Id: Business Continuity Valid agreement required. Last changed: 03 April 2008 at 08:18
Strategy Definition
QIIB BCP IT Continuity Plan
QIIB Project ID No.:

4 Scope, Objectives and Assumptions

Business Continuity Management is essentially a combination of risk management and contingency planning.
This strategy report concentrates largely on contingency planning elements, as risk mitigation measures are
suggested in considerable detail in the Risk Assessment report.

4.1 Scope

The business functions encompassed by this Strategy Definition document are the following:

 Executive and administrative Head Office and Main Branch functions

 Corporate & Commercial Banking functions
 Primary and DR Data Centre operations

The sites addressed by the BIA comprise the following:

 Bank Street Doha Headquarter site

 Hilal Call Centre Site
 Salwa Road current DR site
 Wakrah future DR site

Not in scope is:

 Any other QIIB location/business function

4.2 Objectives
The purpose of this document is to provide guidance to QIIB when deciding on which Business Continuity
solutions to implement. Unlike the preceding Business Impact Analysis and Risk Assessment reports, this
document is not intended to draw a picture of the situation at a certain point in time, but rather to provide a
foundation for further discussion and planning. The main objectives are therefore to:
 Identify and recommend continuity solutions to meet business requirements identified by the Business
Impact Analysis and Risk Assessment.
Facilitate for executive management to plan for long term solutions (depending on the disaster scenario
at hand) by ensuring short to medium term continuity of operations following a disaster.
Any suggested recovery strategies must be subject to detailed investigation and solution design before being
implemented.

4.3 Assumptions

The recommended Business Continuity strategy is based on the following assumptions:

 The worst case scenario anticipated by the Business Continuity strategy is the loss of or denial of access to
the entire single building Head Office and Main Branch site (Main site) in Doha, with no major staff loss.
 Furthermore, the business recovery strategy needs to be able to cater for the following situations :
 Loss of hardware (e.g. IT equipment)
 Loss of physical environment (e.g. due to fire, flood, power failure)
 Denial of access to buildings (e.g. terrorist threat, suspicious death)
 Loss of department/enterprise-wide service (e.g. virus attack)
 The risk of an incident resulting in a simultaneous denial of access to two or more of the in scope sites, and
thereby invalidating the recovery strategy, is accepted by QIIB senior management.
 The training room at the Hilal Call Centre is available and able to be used as a work area recovery site.
HP Global Method HP Restricted Page 10 of 24
Document Version: 1.2 / 2008-02-28 © Copyright 2021 Hewlett-Packard Development Company, L.P. 519323166.doc
Project Document Id: Business Continuity Valid agreement required. Last changed: 03 April 2008 at 08:18
Strategy Definition
QIIB BCP IT Continuity Plan
QIIB Project ID No.:

 The former branch site at Wakrah will be adequately renovated and equipped to be used as the primary IT
and work area recovery site.
 There is space in other Doha branches where to relocate Main Branch staff.
 WAN links of adequate capacity are connecting all QIIB sites (including the planned Recovery Centre)
 LAN connections are readily available in all rooms at all QIIB sites.
 The Recovery Time and Recovery Point Objectives (tolerable downtime and tolerable data loss) identified
by the Business Impact Analysis, and on which the recommended strategy is based, are agreed and
approved by QIIB senior management.

HP Global Method HP Restricted Page 11 of 24

Document Version: 1.2 / 2008-02-28 © Copyright 2021 Hewlett-Packard Development Company, L.P. 519323166.doc
Project Document Id: Business Continuity Valid agreement required. Last changed: 03 April 2008 at 08:18
Strategy Definition
QIIB BCP IT Continuity Plan
QIIB Project ID No.:

5 Business Continuity Strategy

5.1 Recovery Requirements

The work area and IT recovery requirements shown in this section are based on the BIA input, subsequently
validated/revised by QIIB. It should be noted, however, that additional detailed work will almost certainly be
required to further refine the Recovery Time Objectives and the recovery solutions ultimately implemented.

5.1.1 Work Area Recovery

The following table summarises the total minimum work area requirements to maintain essential business
functions in the event of a disaster or major incident affecting the Main site. A more detailed overview of
relocation requirements can be founding Appendix D.

Usual Required critical staff

Department
Total ASAP After 2-4 days
Information Services 13 10 10
Electronic Banking Services 6 3 7
Central Operations 12 6 8
Domestic Investment Ops /
7 2 5
Collateral Control
Central Accounting 6 4 4
Retail Banking Services HQ 3 1 1
Per Category A Branch 20* 10 15
Per Category B Branch 8 6 10
Per Category C Branch 4 3 3
Card Services 6 3 6
Call Centre 10 8 8
Credit & Market Risk
3 2 2
Management
Domestic Investment Ops / LoC
5 5 5
Retail
Appraisal & Engineering 4 2 4
Administrative Services 10 3 6
- Switchboard (part of Admin) 3 2 2
Investment & International Banking 8 5 8
Financial Control 4 4 4
Human Resources 6 2 3
Corporate Banking Services 5 4 4
SME Business Finance 6 2 5
Operational Risk 2 1 2
Recovery & Past Due Collection 2 1 2

HP Global Method HP Restricted Page 12 of 24

Document Version: 1.2 / 2008-02-28 © Copyright 2021 Hewlett-Packard Development Company, L.P. 519323166.doc
Project Document Id: Business Continuity Valid agreement required. Last changed: 03 April 2008 at 08:18
Strategy Definition
QIIB BCP IT Continuity Plan
QIIB Project ID No.:

Usual Required critical staff

Department
Total ASAP After 2-4 days
Media Communication 1 1 1
Internal Audit 6 0 0
Totals HQ Functions 125 71 97
Totals HQ Site incl. Main Branch 150 81 107
* Main Branch 25 heads

NB that these numbers only represent critical staff, i.e. the persons that are absolutely required to recover and
maintain basic critical business operations. They do not include any service or clerical staff, such as,
secretaries, messengers, catering staff etc. Switchboard operators have been included as maintaining client
communication during a crisis is important.

5.1.2 IT Recovery
As for all banks, IT is at the core of QIIB business. No business could be done without the IT systems. As there
are few, if any, off-the shelf applications supporting Islamic banking products QIIB relies heavily on in-house
application development and support. This actually emphasises the importance stated by the business units
during the BIA.

5.1.2.1 IT recovery requirements in the event of a total relocation from Main site

The following table shows, in priority order, the standalone and networked IT application systems to be
recovered in the event of a major incident affecting both office accommodation and IT at the Main site, resulting
in a relocation of critical users to work area recovery sites (staff numbers and departments are shown in 5.1.1
above).

Priority 1 Priority 2 Priority 3 Priority 4 Priority 5

RTO 0 – 30 min RTO 4 hours RTO 12 – 24 hours RTO 2 – 4 days RTO > 1 week
Electronic Clearing Network Customer Card MS-Office Signature
International Management Verification
USwitchware ATM Electronic PIN Mailer Delta CRM System
Journal
Call Centre System Estisna’a IVR Email (Exchange) Dociware
SMS Gateway
Equation Ijara Collateral Ofuq/Payroll HR QCB Online
Management System

Cashier Musawama Placid AutoCAD Primavera

SWIFT Mudarabah Asset Management Reuters

Trade Innovations Murabaha Maintenance Internet

Management
Wakala Mail System

Housemaid

Systems in italics in the table above are hosted in the Hilal Call Centre and will not be affected by a Main site
incident. User connectivity from the recovery site must however be ensured.
Detailed information on Recovery Time Objective (RTO) per department can be found in Appendix A and a
breakdown of applications with the same RTO in Appendix B.
HP Global Method HP Restricted Page 13 of 24
Document Version: 1.2 / 2008-02-28 © Copyright 2021 Hewlett-Packard Development Company, L.P. 519323166.doc
Project Document Id: Business Continuity Valid agreement required. Last changed: 03 April 2008 at 08:18
Strategy Definition
QIIB BCP IT Continuity Plan
QIIB Project ID No.:

5.1.2.2 IT recovery requirements in the event of a total relocation from Hilal Call Centre site

The following table shows, in priority order, the standalone and networked IT systems to be recovered in the
event of a major incident affecting both office accommodation and IT of the Hilal Call Centre site, resulting in a
relocation of critical users to work area recovery sites (staff numbers and departments are shown in 5.1.1
above).

Priority 1 Priority 2 Priority 3 Priority 4 Priority 5

RTO 0 – 30 min RTO 4 hours RTO 12 – 24 hours RTO 2 – 4 days RTO > 1 week
Call Centre System MS-Office Signature
Verification
CRM System
All other systems are hosted in the Main site data centre and will not be affected by a Call Centre incident. User
connectivity from the recovery site must however be ensured.
Detailed information on Recovery Time Objective (RTO) per department can be found in Appendix A and a
breakdown of applications with the same RTO in Appendix B.

5.1.2.3 IT recovery requirements in the event of an incident affecting IT only

The following table shows, in priority order, the network-based IT systems to be recovered in the event of a
major IT incident (where office accommodation is not affected). Recovery timescales may, in some cases, be
shorter than for a combined work area and IT recovery. This reflects the fact that business users are typically
less tolerant of lengthy IT downtime when the rest of the working environment is unaffected.

Priority 1 Priority 2 Priority 3 Priority 4 Priority 5

RTO 0 – 30 min RTO 4 hours RTO 12 – 24 hours RTO 2 – 4 days RTO > 1 week
Electronic Clearing Network Customer Card Email (Exchange) Signature
International Management Verification
USwitchware ATM Electronic PIN Mailer Ofuq/Payroll HR CRM System
Journal
Call Centre System Estisna’a IVR Dociware
SMS Gateway
Equation Ijara Collateral QCB Online
Management System

Cashier Musawama Placid Reuters

SWIFT Mudarabah Internet

Trade Innovations Murabaha

Wakala

Housemaid

Systems in italics in the table above are hosted in the Hilal Call Centre. NB that an IT incident may not affect all
listed systems, not even an entire site.
Detailed information on Recovery Time Objective (RTO) per department can be found in Appendix A and a
breakdown of applications with the same RTO in Appendix B.

HP Global Method HP Restricted Page 14 of 24

Document Version: 1.2 / 2008-02-28 © Copyright 2021 Hewlett-Packard Development Company, L.P. 519323166.doc
Project Document Id: Business Continuity Valid agreement required. Last changed: 03 April 2008 at 08:18
Strategy Definition
QIIB BCP IT Continuity Plan
QIIB Project ID No.:

5.1.3 Hard Copy Documentation Requirements

Being an Islamic bank, QIIB can not function without access to hard copy documentation (collateral, warrants,
personnel files etc). In the event of an incident resulting in destruction or severe damage to office facilities, the
potential exists for the loss of files that are held in the offices in compliance with Sharia law.

The table below shows required critical hard copy documentation per department.

Department Documents Comments

Investment & International Banking Collateral, e.g. deeds Stored locally in filing cabinets or
fire safes
Corporate Banking Services Client files, client reviews, Stored locally in fire safes
collateral
SME Business Finance Approvals, client files, collateral Stored locally in fire safes
Credit & Market Risk Rating reports Stored locally in filing cabinets
Management
Appraisal & Engineering Appraisals, collateral, blueprints Stored locally in filing cabinets or
(Huge volumes!) openly
Domestic Investment Ops / Collateral, approvals, Stored locally in fire safes
Collateral Control agreements, client files
Domestic Investment Ops / LoC Collateral, client files, transaction Stored locally in filing cabinets or
Retail summaries, insurance policies fire safes
(Huge volumes!)
Central Accounting Data entry forms, vouchers, Stored locally but moved off site
checks daily for archiving
Internal Audit Audit reports Stored locally in filing cabinets
Administrative Services Contracts, purchase agreements, Stored locally in filing cabinets or
insurance policies, compliance openly
registrations
Human Resources Employment contracts, passports, Stored locally in filing cabinets or
work permits, personnel files fire safes

5.1.4 Mailroom Requirements

The main print and mail equipment is hosted in the Main site mailroom. This is single a point of failure, and a
critical one as neither statements nor notifications and bills can be sent in case of an incident damaging the
mailroom. This is special equipment, and rather old at that, that may not be easily sourced.

5.1.5 Voice Communication Requirements

Voice communication is critical for the Call Centre services, but is also important for the Main office, and
perhaps especially so in a crisis situation. It is essential to ensure PABX capability and line capacity also at the
recovery site.

5.1.6 Network Requirements

It is assumed that WAN links of sufficient capacity connects the in scope sites. A common cause of disruption
is however loss of communication lines, which is a disaster scenario that should be taken into consideration.
Using ISDN as backup for the WAN links will not always work since voice and data lines are channelled
together and enter the sites at the very same access points.

HP Global Method HP Restricted Page 15 of 24

Document Version: 1.2 / 2008-02-28 © Copyright 2021 Hewlett-Packard Development Company, L.P. 519323166.doc
Project Document Id: Business Continuity Valid agreement required. Last changed: 03 April 2008 at 08:18
Strategy Definition
QIIB BCP IT Continuity Plan
QIIB Project ID No.:

5.2 Recovery Strategy

This section describes the various elements of the recommended business recovery strategy.

5.2.1 Work Area Recovery

QIIB has already decided to abandon the current contingency site at Salwa Road and instead turn the former
Wakrah branch into a contingency site for both IT and work area. That site is very suitable for this purpose and
will support the suggested strategy. It is however questionable if it will entirely provide the required work area
capacity. The seat numbers below are estimates based on site inspections.

The recovery requirements shown in section 5.1.1 can be met using a combination of existing and planned
QIIB locations but only by also utilising temporary office rental, as follows:

Workplace recovery capability is available as follows:

 New DR site at Wakrah; 50 – 60 seats plus IT bridge room of 10 seats (currently not equipped)
 Call Centre Training Room; 14 seats (fully equipped)
 Main Branch functions, and staff, can be spread out over other branch offices.

5.2.1.1 Main site

Should the entire main QIIB site be inaccessible, the immediate workplace requirement is 70 seats growing to
95 seats over the next few days. This means the soon to be available capacity of up to 74 seats, assuming the
positions at the new site will be adequately equipped, is sufficient for the initial requirements but a few more
positions must be made available, preferably within two to four days.

HP suggests that QIIB assesses the availability of commercially available recovery suites or other suitable
office space.

The Wakrah site will no longer be suitable as a branch office, why it is suggested that QIIB assesses the
capacity of other Doha branches to find a suitable “contingency main branch” and to verify that there is room to
relocate the main branch staff to other branches.

A few staff, primarily at management level, could possible work from home, but the dependence on access to
shared hard-copy documentation means that is not a viable option for most functions, why contingency work
area capacity for at least 100 heads is required.

Recovery
Solution Comments
Timescale
ASAP Relocate 10 IT critical staff to Wakrah. Bridge room in DR data centre.
Relocate 2 switchboard operators to the site Can be Wakrah, Hilal, other branch or commercially
hosting a contingency PABX available location
Relocate 14 critical staff (from as “standalone” The BCP should specify which location(s) are to be
functions as possible) to Hilal training room. used for each department’s critical staff.
Relocate Main Branch staff to other Doha Designate another branch as “contingency main
branches. branch” and/or spread staff over branches.
Relocate 44 critical staff from remaining Head Main office suite.
Office functions to Wakrah.
2-3 days Relocate 16 critical staff to Wakrah (will now be Some staff may be relocating again to keep
filled to capacity). departments together.
Relocate 9 critical staff to Secondary Work Area Previous agreements required.
Recovery site*.
Arrange for VPN access from home offices for
senior management and selected critical staff.

HP Global Method HP Restricted Page 16 of 24

Document Version: 1.2 / 2008-02-28 © Copyright 2021 Hewlett-Packard Development Company, L.P. 519323166.doc
Project Document Id: Business Continuity Valid agreement required. Last changed: 03 April 2008 at 08:18
Strategy Definition
QIIB BCP IT Continuity Plan
QIIB Project ID No.:

Recovery
Solution Comments
Timescale
4-5 days Continue operations with limited staff.
Crisis Management Team to source additional To accommodate remainder of staff to take load off
1-4 weeks local office accommodation via serviced offices staff having performed recovery and running
and/or temporary office rental. emergency operations.

* May be commercially available office space (e.g. temporary office suites, hotel conference facilities)

5.2.1.2 Call Centre

Should only the Hilal Call Centre site be inaccessible the Wakrah recovery site will easily accommodate the
work area recovery requirements. The entire Call Centre staff should relocate to Wakrah once a disaster is
declared.

NB that simultaneous disasters affecting the Call Centre and Main site is not foreseen, and will hence not be
supported by this strategy. To cover that scenario another 10-12 seats at the Secondary Work Area Recovery
site would be required.

5.2.1.3 Alternative Strategy

As the Wakrah recovery site is only in the early planning stage yet, QIIB might consider obtaining recovery
capability and associated services from a specialist provider. At least it is recommended to assess the
commercial availability of managed recovery suites in Qatar. Advantages of such a strategy are that all staff
can relocate to the same site, less effort has to be spent on maintenance of the recovery site and equipment,
and that no capital investment is required.

5.2.2 IT recovery
The IT recovery strategy needs to be able to cater for both an IT-specific incident (e.g. computer room fire),
whereby IT is affected but users are still able to work from their normal work area, and a wider scale incident
resulting in the loss of both IT and work area.

The IT Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) identified by the Business
Impact Analysis are aimed at addressing the needs of the business in the event of the former, but will also
enable the requirements of the latter to be met.

Only the core banking applications running on the AS/400 environment today meet the stated RTO and RPO
requirements. Most critical Windows and Unix systems are of a “mission-critical” configuration, i.e. data is
replicated and there are contingency servers available in the main data centre. This greatly reduces unplanned
downtime caused by technical glitches, but does not constitute any disaster readiness. It will howver make the
transition to a truly resilient IT environment much easier. The current disaster readiness, in terms of IT recovery
capability, is shown in Appendix C.

5.2.2.1 Server recovery

The very short RTO of 0 to 24 hours means that contingency servers need to be dedicated and constantly
available at the recovery site, to meet the lowest RTOs also active in a “hot standby” or “live-live” configuration
required. This is the case for all core banking applications. The most critical applications, which practically
never must stop (Electronic Clearing, Switchware, and Call Centre System), are run on platforms that are
suitable for clustering with automatic failover. For all other environments, some manual intervention will be
required. The philosophy applied is to keep things as simple as possible to meet stated requirements.

Systems with an RTO of 48 hours (only standalone PC based applications) or more can be recovered on
equipment made available after disaster invocation. Ideally this equipment is shipped in by a third party
provider offering ship-to-site DR equipment. If such services are not available in Qatar alternative solutions,

HP Global Method HP Restricted Page 17 of 24

Document Version: 1.2 / 2008-02-28 © Copyright 2021 Hewlett-Packard Development Company, L.P. 519323166.doc
Project Document Id: Business Continuity Valid agreement required. Last changed: 03 April 2008 at 08:18
Strategy Definition
QIIB BCP IT Continuity Plan
QIIB Project ID No.:

e.g. a bespoke agreement with a hardware vendor should be sought. It is not only costly to keep idle standby
equipment, it also has a tendency to become used for other purposes “because it only sits there” and then
become unavailable for recovery purposes.

The table below outlines the recovery strategies for the respective RTO requirement.
Application System Platform RPO Suggested Recovery Strategy

Systems with RTO = 0

Electronic Clearing System Windows Client/Server 0 All dedicated equipment.
USwitchware Solaris 0 Servers clustered between main and recovery dc in (possibly load-balanced) live-live
Call Centre System Windows Client/server 0 configuration with automatic failover.
Data mirrored on transaction level.
Systems with RTO = 30 minutes
Equation AS/400 0 No change from today.
Cashier Windows Client/Server 0 All dedicated equipment.
SWIFT Windows Client/Server 0 Servers clustered between main and recovery dc in live-live configuration with manual
Trade Innovations Windows Client/Server 0 failover (for increased safety and lower cost)automatic failover.
Data mirrored on transaction level.
Systems with RTO = 4 hours
Estisna’a AS/400 0
Ijara AS/400 0
Mudarabah AS/400 0
No change from today.
Murabaha AS/400 0
Wakala AS/400 0
Housemaid AS/400 0
Network International n/a 0 Access points set up at recovery dc
Musawama Windows Client/Server 0 All dedicated equipment.
ATM Electronic Journal Windows Client/Server 0 Recovery servers running in a hot standby mode with manual startup of applications and
failover.
Data mirrored on hardware level.
Systems with RTO = 12 hours
Customer Card Management System Client/Server Solaris n/a Access points set up at recovery dc
PIN Mailer Windows n/a All dedicated equipment.
IVR Windows Client/Server n/a Recovery servers must have OS and applications installed but may be in cold standby
SMS Gateway Windows Client/Server n/a mode and started after disaster invocation.
Consider network connectivity at both sites.
Systems with RTO = 24 hours
Collateral Management System AS/400 0 All dedicated equipment.
Recovery servers must have OS and applications installed but may be in cold standby
mode and started after disaster invocation.
Data mirrored on hardware level.
Asset Management System Local PCs 24h Dedicated PCs.
Maintenance Management System Local PCs 24h Recovery from standard images.
Data recovered from central backup.
Mail System Standalone special kit 24h See section 5.2.4
Placid Windows 24h All dedicated equipment.
Recovery servers may have OS and applications installed but should be in cold standby
mode and started after disaster invocation.
Data recovered from tape (last backup).
Systems with RTO = 48 hours
Delta Local PCs 24h Dedicated PCs.
MS-Office Local PCs 24h Recovery from standard images. Data recovered from central backup.
Systems with RTO = 3 - 4 days
AutoCAD Local PCs 24h Dedicated PCs.
Recovery from standard images.
Data recovered from central backup.
Ofuq / Payroll and HR System Windows Client/Server 24h All dedicated equipment.
Recovery servers may have OS and applications installed but should be in cold standby
mode and started after disaster invocation.
Email (Exchange) Windows Client/Server 24h Data recovered from tape (last backup).
(Exchange)
Systems with RTO = 1 week
CRM System AS/400 24h
Use ship-to--site equipment if available.
Dociware Windows Client/Server 24h
Recovery of system and data from tape/central backup.
Signature Verification System Windows Client/Server 24h
Primavera Local PCs 24h Use ship-to--site equipment if available.
Recovery from standard image.
Data recovery from central backup.
Systems with RTO = 2 weeks
QCB Online System Interface n/a
Access points set up at recovery dc
Reuters Feed only. n/a
Internet Windows Client/Server n/a Use ship-to--site equipment if available.
Recovery of system and data from tape/central backup.

HP Global Method HP Restricted Page 18 of 24

Document Version: 1.2 / 2008-02-28 © Copyright 2021 Hewlett-Packard Development Company, L.P. 519323166.doc
Project Document Id: Business Continuity Valid agreement required. Last changed: 03 April 2008 at 08:18
Strategy Definition
QIIB BCP IT Continuity Plan
QIIB Project ID No.:

Active Directory is already distributed over the three sites, so is considered to be fully resilient, only a move
from Salwa to Wakrah, as for the AS/400 environment, is required. Other IT infrastructure components such as
Firewalls, Terminal Servers, Management Tools, Intrusion and Virus detection must be recovered to the same
RTO as the most critical application system they support!

For all data centre application environments it is essential to consider network connectivity at both sites.

5.2.2.2 Data recovery

For QIIB applications RPO is either 0 or 24 hours, i.e. either is no data loss tolerated or is recovery to the last
daily backup acceptable. All storage keeping data with RPO = 0 has to be synchronously replicated between
the main and recovery site. The most cost-effective and easily managed replication method should be chosen
for each case, e.g. from transaction level mirroring for non-stop requirements to hardware based replication
maintaining data integrity for applications with longer RTO. All other systems can be recovered from the daily
backups.

Backup equipment (i.e. tape robot) must be installed also at the recovery site, and not only for data recovery
purposes. All backups should be taken to a remote location. Ideally backups should be taken at both locations.
An alternative could be to do remote backup and move tapes off site on a daily basis.

If QIIB decides to follow HP’s recommendations and enhance data replication and backup capability, a
migration to a Storage Area Network (SAN) solution should be considered in order to streamline storage
management and increase capacity.

5.2.2.3 PC recovery
To facilitate recovery of both desktop and laptop PCs, standard images of OS, applications and security tools
should be maintained and kept both on disk and CDs. The PCs can then be recovered either over the network
or standalone. There may well be different category images depending on user requirements.

For RTO up to 24 hours PCs must be dedicated and sit on the recovery site desks. For longer RTO it should be
possible to reach agreement of provisioning of PCs of a predefined specification at time of disaster. At least the
availability of such services should be seriously assessed as there are considerable savings in maintenance
effort and cost.

Most important, a system of compulsory daily centralised PC backup must be enforced. Preferably PCs are
backed up to disk daily (also to ensure recovery of single files in case of accidental deletion), then backups are
off-loaded to tape after a few days.

5.2.3 Hard Copy Documentation Recovery

Getting required hard copy to the recovery site is important, although it is very likely that documentation stored
at the Main site will be destroyed (this topic is discussed at length in the Risk Assessment Report). In spite of
the well known legal and regulatory issues, the following is recommended:
 Scan current and frequently used documentation and store electronic copies off site.
 Copy non-current documents and store originals and copies at two different locations.
 Mark files and containers clearly to ensure prompt delivery to the right team
 Initiate discussions with regulators, courts of law and other relevant (business) partners to establish the
legal requirements (in case of a disaster only).
At the end of the day, having access to documentation that may be legally disputed must be better than not
having any documentation at all!

HP Global Method HP Restricted Page 19 of 24

Document Version: 1.2 / 2008-02-28 © Copyright 2021 Hewlett-Packard Development Company, L.P. 519323166.doc
Project Document Id: Business Continuity Valid agreement required. Last changed: 03 April 2008 at 08:18
Strategy Definition
QIIB BCP IT Continuity Plan
QIIB Project ID No.:

5.2.4 Mailroom Recovery

There are several ways to ensure continuity of printing and mailing, e.g. obtaining additional equipment and
hosting it at an alternate location. But as these are commodity type activities that are often commercially
available, and not really core banking activities, the following alternatives are recommended:
 Risk mitigation strategy
o Outsource entire printing and mailing function to a third party provider (preferred)
 Recovery strategy
o Contract with a third party provider for emergency printing and mailing

5.2.5 Voice Communication Recovery

The recovery of voice communication basically requires access to a PABX and re-routing of incoming calls. A
second PABX (with adequate capacity) should be hosted at an alternate location, either the call centre, the
recovery site or at an ISP (ISPs often provide these services). Emergency re-routing must be agreed with the
ISP. In this case, where there is a monopoly situation, it is recommended that an agreement with Qtel to
provide both PABX and re-routing is sought. (Re specific Call Centre issues, see detailed suggestions in the
Risk Assessment report)

For emergency use during the very initial recovery phases mobile phones and/or VOIP (e.g. Skype) may be
utilised by the crisis management and recovery teams, but that is hardly sustainable in the long run.

5.2.6 Network Recovery

With only one provider, and single network feeds into each building, it is neither practically nor financially viable
to add resilience by duplicating feeds. Given these circumstances, the following can be recommended:
 Make sure WAN links between Main site, Wakrah recovery site and Hilal Call Centre is set up in triangular
mode, i.e. so each site is physically linked to both other sites.
 Make sure that branch and ATM networks are connected to both Main and Recovery site.
 Consider satellite or IR links as backup for main WAN links.

HP Global Method HP Restricted Page 20 of 24

Document Version: 1.2 / 2008-02-28 © Copyright 2021 Hewlett-Packard Development Company, L.P. 519323166.doc
Project Document Id: Business Continuity Valid agreement required. Last changed: 03 April 2008 at 08:18
Strategy Definition
QIIB BCP IT Continuity Plan
QIIB Project ID No.:

Appendix A – IT Recovery Time Objectives by department

User Department Application System Available within:

No time 30 min 4 hours 12 hours 24 hours 48 hours 3 - 4 days

Retail Banking Services Electronic Clearing Equation Estisna’a Customer Card Mgmt
Cashier Ijara PIN Mailer
Musawama IVR
ATM Electr. Journal SMS Gateway
Card Services USwitchware Equation Network International Email (Exchange)
Call Centre Call Centre System Equation Network International Customer Card Mgmt
PIN Mailer
Electronic Banking Services USwitchware Equation
SWIFT
Corporate Banking Services Equation MS-Office
Investment & International Banking Equation MS-Office Email (Exchange)
SWIFT
SME Business Finance Equation MS-Office Email (Exchange)
Central Operations Electronic Clearing Equation Email (Exchange)
SWIFT
Domestic Investment Ops/LoC Retail Equation Estisna’a MS-Office
Trade Innovations Ijara
Musawama
Domestic Investment Ops/Collateral Equation Estisna’a Collateral Mgmt Sys MS-Office Email (Exchange)
Control Ijara
Musawama
Mudarabah
Murabaha
Wakala
Financial Control Equation Housemaid Placid MS-Office Ofuq / Payroll and HR
Appraisal & Engineering Equation Mudarabah MS-Office AutoCAD
Email (Exchange)
Central Accounting Equation Placid Email (Exchange)
Past Due Collection Equation
Credit & Market Risk Management Equation MS-Office
Administrative Services Asset Management Delta Email (Exchange)
Maintenance Mgmt MS-Office
Mail System
Human Resources MS-Office Ofuq / Payroll and HR
Email (Exchange)
Internal Audit Equation MS-Office Email (Exchange)
Media Communication Email (Exchange)

Please note that the IT RTOs shown above are the lowest requested by any of the relocating departments
within their timescales for relocation. Recovery of a system for one department will also make it available to
other departments.

More detailed information is available in the BIA report.

HP Global Method HP Restricted Page 21 of 24

Document Version: 1.2 / 2008-02-28 © Copyright 2021 Hewlett-Packard Development Company, L.P. 519323166.doc
Project Document Id: Business Continuity Valid agreement required. Last changed: 03 April 2008 at 08:18
Strategy Definition
QIIB BCP IT Continuity Plan
QIIB Project ID No.:

Appendix B – Summary of Shortest Requested Recovery Time Objectives

Application System Available within:

No time 30 min 4 hours 12 hours 24 hours 48 hours 3 - 4 days 1 - 2 weeks
Electronic Clearing Equation Network International Customer Card Mgmt Collateral Mgmt Sys MS-Office Email (Exchange) Signature Verification
USwitchware Cashier ATM Electr. Journal PIN Mailer Placid Delta Ofuq / Payroll and HR CRM System
Call Centre System SWIFT Estisna’a IVR Asset Management AutoCAD Dociware
Trade Innovations Ijara SMS Gateway Maintenance Mgmt QCB Online System
Musawama Mail System Primavera
Mudarabah Reuters
Murabaha Internet
Wakala
Housemaid

More detailed information is available in the BIA report.

HP Global Method HP Restricted Page 22 of 24

Document Version: 1.2 / 2008-02-28 © Copyright 2021 Hewlett-Packard Development Company, L.P. 519323166.doc
Project Document Id: Business Continuity Valid agreement required. Last changed: 03 April 2008 at 08:18
Strategy Definition
QIIB BCP IT Continuity Plan
QIIB Project ID No.:

Appendix C – IT Recovery Capability

Apart from the AS/400 environment, there is currently no specific provision for DR hardware. In general only
standard delivery times for equipment can be relied upon. It is therefore likely that recovery would take several
weeks for many of the systems shown below.

Application System Platform RPO Current Recovery Capability Able to meet

RTO?
Systems with RTO = 0
Electronic Clearing System Windows Client/Server 0 No DR measures in place. Equipment No
USwitchware Solaris 0 provisioning on a "best endeavours" basis No
Call Centre System Windows Client/server 0 likely to take weeks. No
Systems with RTO = 30 minutes
Equation AS/400 0 Duplicated hot standby and mirroring. Yes
Cashier Windows Client/Server 0 No DR measures in place. Equipment No
SWIFT Windows Client/Server 0 provisioning on a "best endeavours" basis No
Trade Innovations Windows Client/Server 0 likely to take weeks. No
Systems with RTO = 4 hours
Estisna’a AS/400 0 Yes
Ijara AS/400 0 Yes
Mudarabah AS/400 0 Yes
Duplicated hot standby and mirroring.
Murabaha AS/400 0 Yes
Wakala AS/400 0 Yes
Housemaid AS/400 0 Yes
Network International n/a 0 Link, hosted by NI n/a
Musawama Windows Client/Server 0 No DR measures in place. No
ATM Electronic Journal Windows Client/Server 0 No
Systems with RTO = 12 hours
Customer Card Management System Client/Server Solaris n/a Interface, no own data No
PIN Mailer Windows n/a No
IVR Windows Client/Server n/a No DR measures in place. No
SMS Gateway Windows Client/Server n/a No
Systems with RTO = 24 hours
Collateral Management System AS/400 0 No DR measures in place. No
Asset Management System Local PCs 24h No DR measures in place. May be able to No
Maintenance Management System Local PCs 24h source PCs in time, but not to bring No
Mail System Standalone special kit 24h system/data back No
Placid Windows 24h No DR measures in place. No
Systems with RTO = 48 hours
Delta Local PCs 24h No DR measures in place. Some PCs may be No
MS-Office Local PCs 24h sourced and recovered in time. No
Systems with RTO = 3 - 4 days
AutoCAD Local PCs 24h No DR, single PC may be sourced in time Yes?
Ofuq / Payroll and HR System Windows Client/Server 24h No DR measures in place. No
Email (Exchange) Windows Client/Server 24h No DR in place, no mailbox backup No
Systems with RTO = 1 week
CRM System AS/400 24h No
Dociware Windows Client/Server 24h No DR measures in place. No
Signature Verification System Windows Client/Server 24h No
Primavera Local PCs 24h No DR, but long RTO and PCs! Yes
Systems with RTO = 2 weeks
QCB Online System Interface n/a No?
Could be OK in spite of no DR being in place
Reuters Feed only. n/a No?
Internet Windows Client/Server n/a No DR measures in place. No?

*DR are available and these function can meet RTO please refer to risk assessment report prepared by Bob –
Which functions? All are definitely not achievable today. Please indicate in BIA Apps Table v1.1.xls – sheet
CurCap view!

HP Global Method HP Restricted Page 23 of 24

Document Version: 1.2 / 2008-02-28 © Copyright 2021 Hewlett-Packard Development Company, L.P. 519323166.doc
Project Document Id: Business Continuity Valid agreement required. Last changed: 03 April 2008 at 08:18
Strategy Definition
QIIB BCP IT Continuity Plan
QIIB Project ID No.:

Appendix D – Workplace Relocation Suggestion

Relocation Requirement
User Department Total # staff day Total # staff day Total # staff day Total # staff day Total # staff day
Priority Total # staff later Location
1 2 3 4 5
Information Services 0 10 10 10 10 10 10 Wakrah Bridge Room
Retail Banking Services Main Branch 1 10 12 12 12 15 15 Other Branches
Call Centre (per shift) 2 4 4 4 4 4 4
Central Operations 3 6 8 8 8 8 8
Electronic Banking Services 4 3 7 7 7 7 7 Hilal CC
Card Services 5 3 6 6 6 6 6 Hilal CC
Domestic Investment Ops/Collateral Control 6 2 2 2 2 5 5
Central Accounting 7 4 4 4 4 4 4
Administrative Services 8 3 3 3 3 6 6
Operational Risk 9 1 1 1 1 2 2
Domestic Investment Ops/LoC Retail 10 5 5 5 5 5
Financial Control 11 4 4 4 4 4
Retail Banking Services HQ 12 1 1 1 1 1
Appraisal & Engineering 13 4 4 4 4 4
Credit & Market Risk Management 14 2 2 2 2 2
Human Resources 15 2 3 3 3 3
Investment & International Banking 16 8 8 8 8
SME Business Finance 17 5
Past Due Collection 18 2 2
Corporate Banking Services 19 4
Media Communication 20 1
Internal Audit 21 3
Totals 46 75 84 84 96 109

NB! This matrix is partly based on additional information obtained after the completion of the BIA, interpreted by
the author, why numbers do not totally match. It is a mainly a discussion a planning tool, and the original
spreadsheet file has been made available to QIIB.

HP Global Method HP Restricted Page 24 of 24

Document Version: 1.2 / 2008-02-28 © Copyright 2021 Hewlett-Packard Development Company, L.P. 519323166.doc
Project Document Id: Business Continuity Valid agreement required. Last changed: 03 April 2008 at 08:18
Strategy Definition