Voglio sapere a riguardo di…

60512

Federal Register / Vol. 86, No. 209 / Tuesday, November 2, 2021 / Notices
jspears on DSK121TN23PROD with NOTICES1

terms; ii that cause ongoing material harm to the CSP, its services, or its customers e.g., criminal misuse of the services; or iii for undisputed nonpayment under the Cloud Agreement.
Even if the CSP notifies OCC of an alleged breach material or critical, termination of services is not immediate.
OCC believes the risk of termination with a shorter notice period is mitigated by the following factors. In all cases of an alleged breach, the CSP must notify OCC in writing and provide time for OCC to cure the alleged breach Notice Period. With respect to an alleged critical breach, OCC would use the Notice Period to attempt to cure the alleged critical breach while also preparing for a seamless transition to the on-premises data center. With respect to an alleged material breach, which requires the CSP to extend the Notice Period if OCC demonstrates a good faith effort to cure the alleged material breach, OCC would use the Notice Period to attempt to cure the alleged material breach while also preparing for a seamless transition to the on-premises data center. As a result, it is highly unlikely that a critical breach or a material breach would remain uncured beyond the Notice Period; if one does, however, OCC
would have ample notice to shift operations to the on-premises data center to avoid a disruption to core clearing, risk management, and data management applications.
ii. Resiliency of the Deployment of Cloud Infrastructure Updates The CSP will update the Cloud Infrastructure from time to time 48 using a conservative approach for update deployment that helps to ensure that any potential effects of possible incidents are contained to the greatest extent possible. The CSP achieves this by: i Fully automating the build and deployment process; and ii deploying services to production in a phased manner.
CSP Services are first deployed to cells, which minimizes the chance that a disruption caused by a service update such as a patch in one cell would disrupt other cells. Following a successful cell-based deployment, service updates are next deployed to a specific zone, which limits the potential disruption caused by a service update to that particular zone. Following a successful zone deployment, service updates are then deployed in a staged 48 OCC will continue to retain responsibility for patching, configuration, and monitoring of the operating systems and applications in the Cloud.

VerDate Sep<11>2014

17:42 Nov 01, 2021

Jkt 256001

manner to other zones starting with the same region and later within other regions until the process is complete.
OCC will continue to meet regularly with staff of the CSP, in addition to formal quarterly Briefing Meetings with the CSP as described in the Reg SCI
Addendum.49 The informal discussions and quarterly Briefing Meetings will permit OCC to gather information in advance of the quarterly Systems Change report. Most reportable systems changes will continue to occur based on changes to Compute, Storage, Network, or applications controlled by OCC.
iii. Resiliency Through the Build Out of an On-Premises Data Center OCC will maintain an on-premises data center to provide the ability to support core clearing, risk management, and data management applications in the unlikely and extraordinary event of either the termination of the Cloud Agreement for uncured breach or a multi-region outage at the CSP that simultaneously impacts OCC operations within all three zones in both regions.50
OCC has designed the on-premises data center to operate 30 or more days to permit a smooth transition back to the Cloud once the Cloud disruption is remediated on a low volume day. From an architectural perspective, the onpremises data center is similar to adding a third CSP region with a single zone.
While most technologies will remain the same with a failover to on-premises, there are several technologies that are only available at the CSP and for which alternative solutions must be devised.
All equivalent on-premises core platform technologies that enable Compute, Network, and Storage will be operated by OCC with synchronous data replication between the Cloud and onpremises while member connectivity would remain unchanged.51 OCC will ensure adequate capacity in the onpremises data center for up to two and a half times observed peak volume. If the circumstances that required OCC to rely on the on-premises data center persist beyond seven days, OCC would 49 See
confidential Exhibit 3f.
with the assistance of an external consultant, conducted an analysis of the benefits and risks of a multi-CSP infrastructure. The key findings indicated that a multi-CSP infrastructure would not significant improver resiliency and could create additional risks, including: i Increased functionality and delivery risks; ii increased operational and cybersecurity risks; iii human capital risks; iv third-party and legal risks; and v general business risks.
51 OCC has separately submitted a request for confidential treatment to the Commission for a diagram that the presents draft Failover Architecture which OCC has provided in confidential Exhibit 3u to File No. SROCC2021
802.
50 OCC,
PO 00000

Frm 00072

Fmt 4703

Sfmt 4703

take steps necessary to enhance its Storage to enable seamless operation of the on-premises data center for longer than 30 days.
iv. Resiliency Through the Use of Store and Forward Messaging Technology OCC has designed the architecture to ensure it is able to support zero message loss and a quick recovery time. To meet these requirements the architecture places a premium on data integrity and throughput over the latency of any one transaction. The established techniques for this are store and forward messaging technology where messages are preserved until delivered to servers that consume the messages and synchronous writes to multiple servers.
Unlike OCCs current system, the core clearing, risk management, and data management applications do not rely on block storage replication across CSP
regions. The solution is entirely message based and message replication achieves the data redundancy required to deliver high availability services.
OCC will continue to rely on the existing store and forward messaging technology as the primary technology for exchanging messages with both exchanges & clearing members for the intake of clearing and settlement related information. The store and forward messaging technology manager is hosted on-premises and is replicated across all OCC on-premises data centers. The store and forward messaging technology will then forward messages to the hot/warm instances at the CSP
and the redundant on-premises data center applications.
Core clearing, risk management, and data management applications rely on a platform for managing containerized workloads and messaging services. This platform enables multi-region message replication with synchronous acknowledgement. The platform will treat the on-premises data center as another region, with messages being replicated to all three regions the two Cloud regions and on-premises.
The core clearing, risk management, and data management application architecture deployed across the two CSP regions and on-premises will maximize data integrity and throughput during routine operations and enhance failover should it be necessary.
Audit and Controls Assessment OCC has a plan in place to continually test the Cloud security controls and OCCs readiness for the Cloud Implementation, and also has processes in place to regularly audit and test security controls and
E:FRFM02NON1.SGM

02NON1