EXPERT RESPONSE
The most remarkable thing about spacing and zoning regulations related to
the locations of banks and their datacenters is their absence. In fact, banks
are likely to face more stringent codes related to the building of
datacenter structures. Considering the losses suffered by financial
institutions as a result of the tragic events of 9/11, one might assume that
government and other regulatory agencies would have been quick to develop a
comprehensive list of codes or guidelines designed to ensure the safety of
banking information.
In fact, authors of an interagency report on resilient IT infrastructures
(compiled by the Federal Government, SEC, and OCC) originally considered
mandating specific distances but decided instead that banks should place
recovery sites as far away from primary datacenters as possible, allowing
banks to determine how best to meet their fiduciary responsibilities within
the bounds of acceptable risk. This approach was eminently practical since
the evolution of bank IT and the way financial institutions use IT is
anything but consistent. Complying with rigid mandates likely would have
required many banks to begin long and complex IT projects whose value was
uncertain.
Though this approach appears somewhat elastic, financial institutions have
been aggressive in determining and pursuing appropriate measures. IT vendors
who focus special attention on the financial sector, such as EMC, have
reported that many banking clients pursuing multi-site strategies that use
primary and secondary in-region datacenters to protect against operational
or site failures, and out-of-region facilities to protect against regional
disruptions. Some IT solutions, such as EMC's SRDF Star, are designed to
help banking clients successfully achieve this strategic goal.
|
