What are the Cloud Outage Incident Response (COIR) Guidelines? Find out now!
What is COIR?
The quick answer: A robust set of Cloud Outage Incident Response guidelines that will help keep your business afloat when you encounter the unexpected.
(Trivia fans know that the useful fibre made from the outer husk of a coconut is also called a coir.)
Mr Khoong Hock Yun, Assistant Chief Executive of IDA, announced the COIR Guidelines at the Singapore Computer Society Business Continuity Management (BCM) Conference 2016.
COIR assists organisations in Business Continuity Management (BCM) and disaster recovery (DR) planning, and helps boost the resilience of Singapore’ Smart Nation cloud ecosystem.
It was announced by Mr Khoong Hock Yun, Assistant Chief Executive and Chief Data Officer of the Infocomm Development Authority of Singapore at the opening of the Singapore Computer Society Business Continuity Management (BCM) Conference 2016 on 26 February.
The guidelines address the need to prepare for, and mitigate, the threat of cloud outages in the face of new emerging technologies.
Mr Khoong noted that even as the world moved towards cloud-based systems, major cloud outages across the globe have driven home the need for clear guidelines and contingency plans on the part of both enterprise users and cloud service providers (CSPs).
According to a report by Data Centre Knowledge in 2015, a key reason why enterprises hesitate to migrate to the cloud is the concern over sudden downtime of critical services.
The COIR guidelines thus help address this by giving clarity to enterprises and cloud service providers (CSPs) on what measures and processes that should be put in place to prepare for the event of cloud outages.
Tiers of Responses
The guidelines are to be used to map out, and therefore prepare for, how resilient CSPs can be, said Mr Khoong. “Enterprises will then be able to gauge the relevant CSPs to them and procure according to their own BCM needs.”
COIR is divided into four tiers of responses, based on the projected impact caused by any outage.
One of the breakout discussions on Business Continuity Management topics held during the Singapore Computer Society BCM Conference 2016.
The most serious is Tier A - Systemic/Life-Threatening Impact, which is suitable for cloud services hosting functions which directly affect human safety, or the stability of the economy, market or industry at large.
One example would be aircraft traffic controls. Mr Khoong cited the example of a little-known system called RVSM or Reduced Vertical Separation Minima, which utilises data, computers and autopilots to safely steer and maintain airplanes within 1,000 feet of each other.
Such systems would require immediate restoration should the worst occur.
The second tier, Tier B - Business Critical Impact, is designed for cloud services hosting functions that are critical to an organisation’s operations. Think payment gateways for an online e-shop.
“Every minute with its payment system down could be lost sales or a customer who permanently leaves,” said Mr Khoong.
CSPs operating at this tier would be expected to restore these services within four hours.
The third tier, Tier C - Operational Impact, is meant for cloud services hosting functions that are essential to an organisation’s operations — but which can stand a longer outage.
“Perhaps for some people, if their email goes down for a few hours, they may complain but life goes on,” said Mr Khoong.
Those who need to attend to urgent communications would also be able to turn to alternatives such as chat apps and the old-fashioned phone call.
But it may be totally unacceptable for the email to remain out of service for the rest of the day, so CSPs adhering to Tier C would be expected to restore the cloud within eight hours or so.
The lowest tier, Tier D - Minimal Impact, is appropriate for cloud services hosting functions which can bear an outage for longer durations.
Examples include infrequently-used internal development or test environments or corporate websites with general information. CSPs adhering to Tier D would be expected to restore services within two working days.
The COIR guidelines help CSPs assess and put in place plans for cloud outages. These cover areas such as having an appropriate communications plan; activation of pre-planned processes and teams; mobilisation of additional emergency resources; prioritization levels for recovery and restoration of affected cloud services; and monitoring a CSP’s uptime to detect outages.
The Singapore Computer Society BCM Conference 2016 was held on February 26 and was well attended by industry professionals.
The release of the guidelines was the result of two years of discussion, scoping and development by IDA together with representatives from the Defence Science & Technology Agency, Asia Cloud Computing Association, IT Management Association, Singapore Computer Society (SCS) and Singapore IT Federation.
The Working Group also received and incorporated feedback from focus groups comprising representatives from CSPs, cloud users and regulatory bodies.
Mr Paul Lee, President of SCS’ Business Continuity Group, said the Cloud Outage Incident Response Guidelines are a welcome addition to the business continuity and disaster recovery body of knowledge for the industry.
“It brings clarity and assurance to enterprises and strengthens Singapore’s resilience as part of a Smart Nation.”
Going forward, IDA will be working with the IT Standards Committee to turn the guidelines into a Singapore Standard.
“In our journey towards being a Smart Nation, the COIR guidelines complement our efforts to drive ICT standards, strengthen resiliency and encourage clarity for businesses as cloud users,” said Mr Khoong.
“This effort, in collaboration with industry, shows IDA’s continuing commitment to encourage the industry to have robust BCM and DR plans as well as service level clarity, to foster a more competitive business environment that enhances our digital economy.”
.webp)