Standardized Comprehensive Infrastructure Risk Assessment For Financial Sector Institutions (SCIRA-FSI)
In response to recent high-profile outages and increasingly complex hybrid IT architectures deployed by Financial Sector Institutions (FSIs), financial sector supervisory authorities are implementing regulatory requirements around operational resilience to encourage more proactive and effective risk management practices.
Recognizing the growing regulatory requirement and the adoption of more complex hybrid IT infrastructures by the FSI community, Uptime Institute has introduced the SCIRA-FSI assessment to help financial sector organizations assess the operational resilience of their critical infrastructure across enterprise-owned data centers, multi-tenant data center service providers, cloud, IT, and managed service providers. Uptime Institute brought together over 20 premier financial institutions from across the world to form its Program Design Partners and build a standardized approach to help the sector better assess and mitigate outages.
SCIRA-FSI is based on Uptime Institute’s analysis of over 20 data center and commonly applied financial sector standards, including internal assessment protocols shared by its Program Design Partners, common FSI infrastructure risks gathered from Uptime Institute’s Abnormal Incident Report database of 8,000 data points on the root cause of outages, and Uptime Institute’s experience working on over 250 FSI projects across the globe.
SCIRA-FSI is Designed to Address Sector Challenges
Resourcing Constraints Prevent Global Assessments
While outsourced IT service providers like cloud, colo and SaaS partners typically undergo a risk assessment during vendor due diligence, internal compliance departments and third-party regulators typically require ongoing assessments of these partners to remain compliant.
Many clients lack the staff resources or internal processes and protocols to conduct these assessments consistently and comprehensively at service-provider facilities around the world.
Consistent Delivery, Around the Globe
With Uptime Institute staff on the ground in every major market globally, our clients can eliminate staff travel requirements and ensure they meet internal and regulatory requirements to perform standardized, consistent assessments of any owned and operated or third-party critical infrastructure.
This not only delivers consistency of approach and execution, but ensures the organization can identify outage risk across its IT estate.
Meeting Compliance and Regulatory Requirements
90% of our Design Partners stated that local regulators are more actively monitoring for outages and requesting proof that audits are being conducted on a regular basis.
FSIs must take a proactive, instead of a reactive stance in regards to IT audits - ensuring they can demonstrate evidence of consistent, standardized and regular audits of owned and third-party infrastructure.
Ongoing Assessments from a Trusted Authority
SCIRA-FSI customers receive comprehensive assessments from Uptime Institute for their owned and operated sites as well as third-party colocation, cloud and SaaS sites.
Our assessments are designed to satisfy regulatory requirements for data center audits and demonstrate to regulators that you are taking a proactive stance to measure and reduce risk across your IT estate.
Standardized Assessments Across Infrastructure Partners
During product development, the feedback from our Design Partners was clear - the sector is looking for a comprehensive standard that incorporates FSI internal compliance and regulatory requirements in each market, while delivering consistency across the global IT estate.
A Comprehensive Standard for Global Consistency
Our team reviewed the scope element from over 20 standards commonly used by the FSI community and reviewed numerous FSI internal assessments to develop our comprehensive standard.
The output is a standardized, comprehensive assessment across four key areas of risk, made up of 142 observation points to assess at each site. Each observation point is evaluated for level of risk, as well as a level of impact severity, giving customers a means to identify key focus areas for improvement and risk reduction.
SCIRA-FSI Assessment Components
Topology & Infrastructure
Training and personnel development
Systems and program management
Health and safety
Standards and certifications
Overview of the Assessment Process
During each site assessment visit, Uptime Institute consultants use the SCIRA-FSI assessment protocol to examine each scope element and determine whether the potential risk to site resilience is not present, present but mitigated, or present and unmitigated. The impact of risk is reviewed and evaluated based on the scale of risk and the impact severity of the consequences of failure.
Upon completing the assessment, clients receive a detailed report on their current physical and operational risks, a set of actionable recommendations for resolving those risks and an Executive Overview summarizing risks and recommendations from the assessment.
This approach not only aids FSIs in their efforts to proactively prevent outage incidents, but also serves as documentation for regulatory filing requirements to prove that a comprehensive risk management assessment has been completed for infrastructures that support critical business services.
Partner to the World's Leading Financial Sector Institutions
Our SCIRA-FSI product represents a new offering to this industry, but we've spent decades helping leading FSIs design, build, operate and assess their critical infrastructure.
Learn More about SCIRA-FSI
SCIRA-FSI represents a new era in critical infrastructure assessments - moving beyond owned and operated infrastructure to colocation providers, cloud providers and Software-as-a-Service (SaaS) vendors who you rely on to manage your critical systems.
We know you have questions. We look forward to answering them.
Additional Regulatory Requirements Resources
Visit the resources below for additional details on the regulatory requirements financial sector supervisory authorities are implementing around operational resilience and risk management practices globally.