Professional Services


Standardized Comprehensive Infrastructure Risk Assessment For Financial Sector Institutions (SCIRA-FSI)

In response to recent high-profile outages and increasingly complex hybrid IT architectures deployed by Financial Sector Institutions (FSIs), financial sector supervisory authorities are implementing regulatory requirements around operational resilience to encourage more proactive and effective risk management practices.

Recognizing the growing regulatory requirement and the adoption of more complex hybrid IT infrastructures by the FSI community, Uptime Institute has introduced the SCIRA-FSI assessment to help financial sector organizations assess the operational resilience of their critical infrastructure across enterprise-owned data centers, multi-tenant data center service providers, cloud, IT, and managed service providers. Uptime Institute brought together over 20 premier financial institutions from across the world to form its Program Design Partners and build a standardized approach to help the sector better assess and mitigate outages.

SCIRA-FSI is based on Uptime Institute’s analysis of over 20 data center and commonly applied financial sector standards, including internal assessment protocols shared by its Program Design Partners, common FSI infrastructure risks gathered from Uptime Institute’s Abnormal Incident Report database of 8,000 data points on the root cause of outages, and Uptime Institute’s experience working on over 250 FSI projects across the globe.

 

Request a Meeting

Have questions about SCIRA-FSI? Fill out the form and we will follow up with you right away.
Legislation Update

EU’s Digital Operational Resilience Act Enacted 16 January 2023

The EU's Digital Operational Resilience Act (“DORA”) entered into force on 16 January 2023. Uptime Institute has tracked this legislation and its widespread impact on digital infrastructure owners, operators and providers since its initial draft published in 2020.  Read more about this important legislation below.

Read the Update

SCIRA-FSI is Designed to Address Sector Challenges

In extensive interviews with the Financial Sector Institutions that participated as our Program Design Partners, we designed SCIRA-FSI to address the top three challenges facing global financial sector firms in regards to IT risk mitigation and regulatory compliance.

Sector Challenge

Resourcing Constraints Prevent Global Assessments


While outsourced IT service providers like cloud, colo and SaaS partners typically undergo a risk assessment during vendor due diligence, internal compliance departments and third-party regulators typically require ongoing assessments of these partners to remain compliant.

Many clients lack the staff resources or internal processes and protocols to conduct these assessments consistently and comprehensively at service-provider facilities around the world.

SCIRA-FSI Solution

Consistent Delivery, Around the Globe


With Uptime Institute staff on the ground in every major market globally, our clients can eliminate staff travel requirements and ensure they meet internal and regulatory requirements to perform standardized, consistent assessments of any owned and operated or third-party critical infrastructure.

This not only delivers consistency of approach and execution, but ensures the organization can identify outage risk across its IT estate.

Sector Challenge

Meeting Compliance and Regulatory Requirements


90% of our Design Partners stated that local regulators are more actively monitoring for outages and requesting proof that audits are being conducted on a regular basis. 

FSIs must take a proactive, instead of a reactive stance in regards to IT audits - ensuring they can demonstrate evidence of consistent, standardized and regular audits of owned and third-party infrastructure.

SCIRA-FSI Solution

Ongoing Assessments from a Trusted Authority


SCIRA-FSI customers receive comprehensive assessments from Uptime Institute for their owned and operated sites as well as third-party colocation, cloud and SaaS sites.

Our assessments are designed to satisfy regulatory requirements for data center audits and demonstrate to regulators that you are taking a proactive stance to measure and reduce risk across your IT estate.

Sector Challenge

Standardized Assessments Across Infrastructure Partners


During product development, the feedback from our Design Partners was clear - the sector is looking for a comprehensive standard that incorporates FSI internal compliance and regulatory requirements in each market, while delivering consistency across the global IT estate.

SCIRA-FSI Solution

A Comprehensive Standard for Global Consistency


Our team reviewed the scope element from over 20 standards commonly used by the FSI community and reviewed numerous FSI internal assessments to develop our comprehensive standard.

The output is a standardized, comprehensive assessment across four key areas of risk, made up of 142 observation points to assess at each site.  Each observation point is evaluated for level of risk, as well as a level of impact severity, giving customers a means to identify key focus areas for improvement and risk reduction.

SCIRA-FSI Assessment Components

SCIRA-FSI examines the underlying physical data centre infrastructure(s) including management and operational controls, along with design, operations, and oversight of the business service at a holistic level to minimize and mitigate both physical and operational outage risks.

Site Characteristics

Site location risks
Building characteristics
Building construction

Topology & Infrastructure

Infrastructure conditions
Power systems
Cooling systems
Supplementary systems
Security systems
Telecommunications

Facility Operations

Staffing and organization
Training and personnel development
Systems and program management
Health and safety

Oversight

Regulatory compliance
Code compliance
Standards and certifications
Sustainability
Energy efficiency

Overview of the Assessment Process

During each site assessment visit, Uptime Institute consultants use the SCIRA-FSI assessment protocol to examine each scope element and determine whether the potential risk to site resilience is not present, present but mitigated, or present and unmitigated. The impact of risk is reviewed and evaluated based on the scale of risk and the impact severity of the consequences of failure.

Upon completing the assessment, clients receive a detailed report on their current physical and operational risks, a set of actionable recommendations for resolving those risks and an Executive Overview summarizing risks and recommendations from the assessment.

This approach not only aids FSIs in their efforts to proactively prevent outage incidents, but also serves as documentation for regulatory filing requirements to prove that a comprehensive risk management assessment has been completed for infrastructures that support critical business services.

SCIRA-FSI Report Preview
SCIRA-FSI Report Preview

Learn More about SCIRA-FSI

SCIRA-FSI represents a new era in critical infrastructure assessments - moving beyond owned and operated infrastructure to colocation providers, cloud providers and Software-as-a-Service (SaaS) vendors who you rely on to manage your critical systems. 

We know you have questions. We look forward to answering them.

Download Product Brochure

Watch Product Webinar

Request a Meeting

Additional Regulatory Requirements Resources

Visit the resources below for additional details on the regulatory requirements financial sector supervisory authorities are implementing around operational resilience and risk management practices globally.