application units
after restoration
Like other financial institutions subject to regulatory oversight, J&T Bank must demonstrate the operability of its IT systems in the event of a disaster. But how should it proceed when it has no practical experience in managing recovery from such a large simulated disaster? And how should it deal with the findings of disaster recovery testing?

Disaster recovery specialist wanted
J&T Bank provides private banking services and financing in real estate and corporate acquisitions. To demonstrate the operability of its IT systems in in the event of an accident, she planned a simulated outage of one of its two datacenters.
However, J&T Bank lacked expert employees with experience in by conducting a major disaster recovery test, the bank turned to ORBIT. Our role was to guide the customer through the preparation, the DR test itself and by evaluating it.
Phase 1: Review of current disaster recovery plans
Disaster recovery (DR) testing aims to strengthen the organisation's ability to survive a major IT disaster. K this requires increasing the resilience of infrastructure and to rehearse the procedures by which members of IT teams in in the event of an emergency, restore service availability.
In the first phase of the project we focused on review of the Bank's current DR plans. We conducted a full assessment of IT's ability to achieve a safe recovery from accidents, of which resulted in a list of shortcomings and the necessary corrective actions before the test itself.
Disaster recovery: be prepared
Disaster recovery (DR) is a key process that ensures business continuity for any modern company during emergencies such as cyber-attacks or natural disasters. A typical recovery scenario is running from a secondary datacenter or a complete recovery from data loss.
Today, DR processes are driven by stringent legislative and regulatory requirements, including NIS2 guidelines or DORA regulation. These regulations require businesses to have robust plans to recover and protect their IT systems.
Emergency preparedness brings peace of mind to companies, increases the confidence of their clients a minimises financial losses associated with blackouts.
Phase 2: Implementation of corrective measures
Based on a gap analysis of the remediation measures, we had to ensure that critical applications were configured to run only from the secondary datacenter. However, this is sometimes easier written than done.
For example, the implementation of some measures has been delayed due to the high technical complexity of IT systems did not do without investment.
Other changes were again so much time-consuming(For example, the conversion of a multi-terabyte database into a synchronous replica in the second datacenter first required its partitioning by data type, then testing of the new solution, and only then technical implementation for recovery).
Phase 3: DR test flow
The implementation of corrective measures and the elimination of all risks eventually delayed the DR test by three months. We used this time to creation of a detailed DR plan and related roll-back or what-if scenarios, to be prepared for unexpected events during the test.
The datacenter recovery test was further preceded by:
- the shutdown communication campaign,
- risk approval,
- repeated practice of the procedures,
- preparation of all necessary documents and partial restoration plans
- and other necessary preparatory steps for such a demanding operation.
The DR test itself, including safe crash simulation and system recovery, was conducted according to the DR plan. The simulation of the accident included a controlled shutdown of all infrastructure layers and a power outage. This was followed by the necessary reconfigurations in the secondary datacenter and application start-up.
The bank's experts had to repeatedly and under time pressure resolve technical obstacles. We were relieved to see the management tool TaskControl watched the green boxes on the business tests as those responsible gradually confirmed business process functionality when running applications with a completely unavailable primary datacenter.
The result of an exhaustive weekend of testing was hundreds of pages of footage that produced Report to the CNB about the bank's practical preparedness for a major disaster.
One disaster recovery test is not enough
Regulated financial and critical infrastructure business is required to perform DR tests regularly. It must adapt to changes in applications and infrastructure (reacting to continuous hardware replacements, upgrades, changes in application configurations, application life cycle, etc.).
For future runs of the plans, we have therefore equipped the IT team of J&T Bank with a manual Lessons learned and a retest template. However, in a situation where most entities do not have with sufficient experience in the practical implementation of the tests, our experts offer them a helping hand.