The Australian Securities and Investments Commission (ASIC) has recommended the Australian Securities Exchange (ASX) review several parts of its IT infrastructure following the market outage on 19 September, 2016.
The Commission has released its report on the outage, recommending that the ASX address three key components of its IT infrastructure that contributed to the outage.
Following an internal investigation, the ASX determined that the outage was triggered by a hardware failure that affected the primary ASX Trade database.
The Commission recommended the ASX strengthen its business continuity management (BCM) and IT disaster recovery (ITDR) arrangements, and integrate proactive and frequent testing into its business-as-usual operations.
The report said this should include system-specific recovery procedures and a central repository of key documentation.
“As a critical market infrastructure provider, we expect ASX’s arrangements to be validated and refined through more frequent testing. ASX should engage with market participants and Chi-X to enhance its testing and consider periodic street-wide tests,” the report stated.
“We recommend that ASX, as part of its current internal review, strengthen its BCM and ITDR arrangements to adequately reflect the criticality and complexity of its systems, and integrate a regime of proactive and frequent testing into its business-as-usual operations.”
The Commission also recommended that the ASX should implement more comprehensive and robust technology status monitoring, including review of its automated data integrity checking processes, and its monitoring tools and alerts of all applications, hardware, operating systems and network infrastructure.
“ASX should review its automated monitoring tools and alerts of all applications, hardware, operating systems, and network infrastructure for primary and secondary environments; and automated data integrity checking processes to ensure that reference values and states of critical data elements are in a consistent state for the purposes of recovery from a systems failure, and as a routine check to detect abnormal systems behaviours,” it said.
Additionally, ASIC recommended the ASX “enhance its key enterprise architecture artifacts to more fully describe ‘current’ and ‘target’ states for business processes, applications, data and information flows, and technology infrastructure.
“These should be informed by an appropriate level of consultation with participants, and developed with internal ASX business stakeholders to ensure the transition to future state business models and any implications are understood,” ASIC said.