Professional Documents
Culture Documents
Production Support
Purpose: used to ensure daily operational processes of information technology can be met and
monitored well.
C.1 Activity
The following activities are conducted to support the production process.
2. Upgrade the Core Banking System application (Patch Release). The process of
updating the patch includes the following provisions:
a. COMPANY will be testing the latest patch application together with the bank on
the testing machine by using production data that is agreed upon by the bank.
b. Schedule patch upgrades will be done after the process is completed batch or
in accordance with an agreement with the bank.
1. The process of data backup. Hours: 00:00. COMPANY ensure the backup process is running
successfully and file backups can be saved to the backup media that have been agreed.
2. Process scheduled transactions. Hours: 22:00 or suitable setup in Admin Web application.
COMPANY ensure configuration of scheduled transactions run in accordance with the agreed
execution time and execution process run successfully.
3. The process of data deletion (housekeeping). Hours: 00:00. COMPANY ensure data retention
processes run successfully and in accordance with the retention period determined.
4. Data transfer via FTP / SFTP. Hours: 00:00. COMPANY ensure permissions configuration FTP
/ SFTP Server is used to receive a copy of the information is correct so that FTP Server can
receive data mutation of Core Banking System and monitor that the file copy process is already
running successfully.
5. If there is any change in hours of automatic batch processing, the bank shall submit a change
request no later than two hours before the batch processing is done automatically.
D System Management
Objective: ensure application and system software updated with the required patch or patches
latest version.
Activity D.1
The following activities conducted at the System Management.
D.1.1 Patch Management
COMPANY ascertain whether the system hardware and software used are already using the
latest patch or patches that must be installed according to the recommendations of Principle. The
process of updating the patch includes the following provisions:
1. The COMPANY will do a patch test on the testing machine by using production data that is
agreed upon by the bank.
2. Schedule the patch upgrades will be done after the process is completed batch or in
accordance with an agreement with the bank.
3. The upgrade process patch following the procedure of Change Management will be discussed
in the next chapter.
D.1.2 Process Monitoring
COMPANY shall conduct monitoring of all system hardware and software. The monitoring
process in accordance with the chapter Process Monitoring Production Support.
D.2 Implementation
IT Operation COMPANY: Data Center Operations, Technical Support.
D.3 Application Support
Zabbix monitoring system using the application.
F Environment Management
Objective: to ensure the availability and stability of the environment to support the Core Banking
System services.
F.1 Activity
The following activities conducted at the Network Management.
Implementing F.2
Data Center Operator
V.3 Application Support
Process monitoring using monitoring applications.
G Backup Management
Objective: ensure Core Banking System data is stored in a secure location.
Activity G.1
The following activities conducted in the Data Management.
G.1.1 Backup Process
In general the entire database and its contents are the property of bank, making database
administration functions are fully carried out by the bank. COMPANY only authorized to manage
and ensure the availability and stability of the database.
1. Core Banking System application database backup process is done automatically every
day via scheduling the operating system.
2. The backup process executes commands from the system database and run a full
backup.
3. Material backup includes the following components:
a. Database applications Core Banking System
b. Database applications Token
c. Database Middleware applications
d. System and application logs.
4. The retention time of backup data consists of:
a. Daily data backups Core Banking System application used for recovery
(recovery) data during emergencies and saved to other media by the bank.
b. Monthly backup of data processed beginning of each month for the historical
data and transactions, saved on other media by the bank.
5. The results of the backup database will be automatically placed on a directory server to
then encrypted and sent to the bank system via FTP / SFTP.
G.1.2 Restore Process
The restore process is conducted in accordance with an agreement with the bank, with the
following conditions:
1. Testing the backup data regularly every six months to make sure and to verify the
contents of the data in the backup media, if no data is broken / missing / corrupt or not.
2. Requests activities incidental restore data on approval of the bank
for the purposes of system testing or auditing purposes either internally, externally, or from
regulators.
G.2 Implementing
IT Operation COMPANY: Technical Support
G.3 Application Support
Application backup and restore databases.
H Online Processing
Objective: ensure Core Banking System can process transactions with a high load.
H.1 Activity
The following activities conducted in Capacity Management process.
H.1.1 Capacity Planning
COMPANY shall perform capacity planning once every year, or according to the agreement,
which includes:
1. The capacity of the server and its components such as hard drives, memory, processors,
including the capacity of the operating system that covers all production and backup servers.
2. Capacity database.
3. The caCOMPANYity of the network.
4. The caCOMPANYity of the data center.
5. CaCOMPANYity other environments such as power systems, cooling systems, fire suppression
systems, access control panel.
I Service Desk
Objective: to make sure every problem is handled and followed up by COMPANY through the
delivery of solutions to these problems to the BANK.
I.1 Activity
Procedures or measures that apply in the COMPANY report in case of problems.
1. Reporting convey problems to the Helpdesk via various communication media such as
telephone, fax, or e-mail the information listed in the Contact Person.
2. Reporting shall provide a clear identity, namely: bank name, the name of the complainant, the
work unit, and a phone number that can be reached following the details of the problem to the
Helpdesk, as 1st level support, so that it can be noted clearly in the application problem handling
(ticketing tool ).
3. Helpdesk follow up complaints by providing solutions based on knowledge and database
knowledge is in Helpdesk.
4. The Helpdesk will provide a response to the complainant based on the following criteria:
Response Meanwhile
Rankings Business imCOMPANYt
time Solutions
1 complete failure 15 minute 4 jam
Critical • total failure that causes the entire business
impact transaction and / or functions and / or critical
business operations may not work.
• The failure is caused by faulty applications
and data, interference with the machine or the
severed communications.
• This failure can result in loss of data
or limited availability of data and / or
has a financial impact for users /
customers.
2 the failure of most 30 minute 5 working days
Large • The failure of the majority that affect
impact or limit the main function but does not
stop the user / customer to resume
production and does not pose a risk to
critical business operations.
3 failure minor 60 minutes 10 working
Medium • minor issue that was not significantly affect days
impact the operations.
• Included in this group are questions
or requests for information about the
functions / features of the application.
5. Escalation of handling the problem using the call tree with the following details:
I.2 Implementing
IT Operation COMPANY: Helpdesk.
I.3 Application Support
Using Ticketing and Knowledge Management applications.
I.4 Contacts
BANK can report problems via the following media:
1. Web Ticketing
a. https://support.COMPANYtindo.com (Contact banks listed)
2. Email:
a. ticket@COMPANYtindo.com (hours)
b. support@COMPANYtindo.com (hours)
c. support@Vendor.com (24 hours)
3. Phone:
a. 255/22 27 555 021 Ext. 127 (office hours)
b. 021 27555222 (24 hours)
M.1 Activity
COMPANY will send a report monitoring results and achieving target levels of service to BANK
not later than the 10th of every month.
Service Level Monitoring monthly report that is sent to BANK contain the following information:
Element Description
A. Availability
Application Availability Application uptime
Network Availability Network uptime
System Maintenance System under maintenance
D. Security Log
Access Log Number of success login and logout
Failed Attempts Number of failed usernames, failed passwords, and failed
activations
Data Changes Number of critical data updates
Attack Log Number of intruders and suspect activities from firewall
F. Audit Support
Audit Support Request on audit support
G. Change Management
Request on change management Processing of change request which is approved
H. Helpdesk
Helpdesk window time Window time of helpdesk
Incident processing Window time of incident processing base on level
I. Client Request
Client Request Processing Processing of client request such as request for back up data,
restore data and any other request
Maximum client (bank) request in Maximum request allowed for a client (bank) in a year
a year
Grades or points on each item above in accordance with the information stated in the agreement
between the COMPANY and the BANK.
Implementing M.2
IT Operation COMPANY: Day-to-Day Operation.
M.3 Application Support
Using the application Monitoring, Ticketing, and Bugzilla.
N Disaster Recovery
Disaster Recovery (DR) is the process, policies and procedures relating to the preparation for
recovery or continuation of technology infrastructure after disasters (disaster).
N.1 Classification
Disasters can be classified into two broad categories. The first is natural disasters such as floods,
hurricanes or earthquakes. The second category is a disaster due to human activities, including
fire, riots, terrorist attack, failure of infrastructure, hazardous material spills, as well as cyber
attacks. All of these categories can cause disruptions in the operational activities of the
COMPANY, therefore, necessary precautions and preparations to reduce or avoid losses from
the incident.
N.2 Preventive Measures
As a precaution in case of disasters (disaster) put up one environment to a separate location from
the main environment in the data center (DC) COMPANY. Environment is a Disaster Recovery
Center (DRC) is set in the stand-by condition and can be activated in the event of disaster
conditions.
In addition to infrastructure preparation, transaction data stored in the system database
COMPANY will be replicated from environment to environment DC DRC and backed up using
FTP media from environment to environment BANK DC.
Details of infrastructure at each location listed in the document chapter Technical Guideline on
Network Architecture for DC Site and Disaster Recovery Site for DR Site.
N.2.2 Replication and Backup
The technical details of the process of replication and backup databases listed in the Technical
Guideline on chapter Replication and Backup.
N.3 Disaster Process
Here is the process, policies, and procedures to enable the DRC environment as a replacement
for the primary environment in case of disaster conditions, so that the operational activities
remained normal during disaster conditions until the primary environment in the reconstruction
process is completed and the DC locations reusable.
Scope: The process of moving from the main environment that is in DC to the environment
that are in the DRC. Environment stand-by will operate until the primary environment in
DC can operate again.
Policy: Making changes to the communication from environment to environment DC DRC.
Moving the engine to the operational support activities DRC.
Actor: BANK (Contact Person listed in List):
- IT Contact
- Emergency Contact
- Helpdesk Contact
N.5 Testing
Tests on the environment DRC carried out at least 1 (one) year to ensure that the environment
DRC can be operated either in the event of disaster conditions. Things are done in testing the
BCP include:
1. Disaster Process Procedure
2. Procedure Recovery Process
Tests carried out using test scenarios (test plan) and is documented in an orderly manner and
evaluated to ensure the effectiveness and efficacy testing.
Implementation of DR testing must go through the approval of the COMPANY and the BANK.