DISASTER RECOVERY MANAGEMENT

INTRODUCTION

The disaster Management Programme seeks to address all problems likely to emanate from any of the following disasters should they befall the Company.

                        Fire

                        Water

                        Burglary

                        Earthquake

                        Loss of information through:

                        Data Corruption

                        Power Failure

1.         FIRE

The Company has insured all equipment and document against fire. All Staff Members are under strict instructions to put off all electrical appliances after close of work. This is monitored on daily basis to ensure compliance. Staffs are also given occasional drill on fire prevention to eliminate the threat of fire outbreaks fire alarms smoke detectors are presently being fitted

2.         WATER

Currently, our offices are situated on the 1^st and 2^nd floors of Martco House, Adabraka and the threat of flood is non-existent. However, should we move to a place where the threat becomes a reality, the existing safety measures we have in place would protect all our data. We have taken insurance policies to cover all our equipment against any loss, which may occur through flood.

3.         EARTHQUAKE

Earthquakes are natural disasters with devastating effects. In the event of a major earthquake affecting our offices, we are likely to lose some or all of our equipment. The Corporate Policy ensures that all equipment are insured against all kinds of loss

including earthquake. Equipment replacement will therefore not be a problem. Copies of all our data are also stored in a fireproof Safe at the offices of our wholly owned Subsidiary Company situated about one (1) mile from our offices.

4.         BURGLARY

Most of our vital documents are kept in a fire proof/burglary proof Safe. The keys to the Safe are kept by two (2) responsible Officers who are answerable to the Managing Director. The Safe is always opened by the two (2) officers in the presence of the security officer to ensure absolute security and to prevent any illegal acts.

5.         LOSS OF INFORMATION THROUGH:

Data Corruption

Data Back-ups are taken daily on magnetic tapes. Copies of the back-ups are kept in a fire proof Safe at NTHC Properties. Another set is kept in our Company premises also in a fire proof safe. The Head of the IT Unit keeps another set outside the Company. These measures ensure that in case of data corruption, only the day’s transaction will be lost and it will not be too difficult to recapture same. Even that, there is a mirror of what happens daily.

            Power Failure

Every PC has a UPS attached. By policy, the UPS must be put on for as long as the PC remains in use. We have a stand by generator, which is activated automatically in the event of a power failure. It is therefore unlikely that we will lose information through power failure. It is therefore unlikely that we will lose information through power failure. However, should the unexpected happen and we lose any information, the daily back-ups will enable us restore whatever information we may have lost.

6.         PROTECTION OF DOCUMENTS/INFORMATION

NTHC is involved with the management of client’s funds, trading in Stocks, etc. the Company recognizes the importance of keeping clients information out of the domain of unauthourized persons. In this regard, the Company has a policy, which ensures that individual departments confine themselves to their schedules. Staff in one department do not have access to information or documents from another department. The Software designed for the various departments have security features to prevent unauthourised access. Staff members also have unique passwords to operate their PCS.

7.         STAFF CONFIDENTIALITY

All Staff Members are under Oath to keep every information obtained in the course of their duties secret. The Oath is renewed every year and its violation may result in the termination of the employee’s appointment.

8.         INSURANCE POLICIES

The Company’s properties are all adequately covered by insurance. We have various insurance Policies with a reputable insurance Company covering all of the Company’s fixed assets against all kinds of losses through fire, theft, burglary, flood and earthquake

9.         COMPUTER BACKUP SYSTEM AND PROCEDURES

The backup and retrieval system, which was set in place, was to provide NTHC a strong support (data restoration and recovery) in cases of fire, theft, flood, hard disk failure or any other form of data corruption. It is also to provide easy storage, general retrieval and accessibility.  It is efficient and effective means of backing up all departmental files accurately.

Backup Levels:

Storage Media and Processes

Method 1:       All Departmental softwares are stored on the server and authorised users access data / information on the server through the network. A backup of all the clients’ data is stored in a partitioned drive on the server at the end of every day. This backup is used to solve immediate problems.

Method 2:       Another Hard Disk with the same specifications like the one in the server is fixed also in the server and mirrors all what takes place on the main server’s hard disk and duplicates it on this mirrored hard disk. The server is programmed to switch to the mirrored hard disk for services as soon as there is a hard disk failure or crash.

Method 3:       Quarterly backups are stored on Compact Disks (CDs) and kept in NTHC’s data safe and a copy stored at NTHC Properties premises which serves as an off site backups.

Method 4:       Backup of clients’ information databases is taken daily onto the magnetic tapes. One tape each is taken home by the Head of the Unit and the Systems Administrator as an off site backup procedure and brought the next day. This process is repeated every day. Ten different tapes are used for this exercise

"CHINESE WALLS"

A SUMMARY OF POLICIES AND PROCEDURES DESIGNED TO SEGMENT THE FLOW AND PREVENT THE MISUSE OF MATERIAL NONPUBLIC INFORMATION

NTHC LTD as a financial services firm performs numerous functions and provides a wide range of services which typically include the following:

Research & Business Development, which generally services all departments.

Financial Product sales, both retail and investment management.

Firm proprietary trading and investment operations.

Registrar and Custodian Services, Corporate Secretarial services.

The very structure of NTHC and its various functions produces competitive opportunities. For example, the firm has a duty to keep confidential any non-public information it receives from a client. First, firm researchers supply information to the firm’s other operating departments, but a firm must ensure that such information is based generally available market or company data, and not on confidential information gleaned from the company files. Oftentimes it is difficult to tell exactly how “clear” the information is as it passes from research to both the investment banking and trading departments, and vice versa; the mere fact of information crossover raises the spectre of “infection”. Second, section 128 of the Securities Industry Law, 1993, PNDC law 333 (PNDC Law 333)  as amended prohibits dealings in securities by corporate insiders.

These potential problem areas may produce legal conflicts over issues that do not arise in an individual trading context, such as:

The attribution of knowledge from the employees of one department of NTHC to those of another department.

Allegations that brokerage recommendations conflict with knowledge possessed by the investment banking or research departments and therefore constitute “misrepresentation” in violation of sections 124, 125, and 127 of PNDC law 333, as the case may be.

Secondary liability of NTHC resulting from the conduct and/or omission of its employees.

Concerns over such multiple, potentially conflicting activities and concomitant obligations of companies like NTHC is not new. Three and one-half decades ago the United States Securities and Exchange Commission (SEC) found, in its Special Study of the Securities Market, that:

“A striking phenomenon of the securities industry is the extent to which any one participant may engage in a variety of businesses or perform a variety of functions. A single firm with customers of many kinds and sizes may, and often does, combine some or all of the functions of underwriter, commissions house in listed securities, retailer of unlisted securities, custodian of funds and securities, investment adviser to discretionary accounts, to others on a fee basis, and to one or more corporations. Its principals may invest or trade for their accounts in securities also dealt in for others  ………………..

“…………Since each of these functions involves its own set of obligations to particular persons or groups of persons and since the self-interest of the broker-dealer may be involved in one or more, there are multifarious possibilities of conflict of obligation or interesting matters large or small. Total elimination of all possibilities is obviously quite out of the question; theoretically, it would have to involve fragmentation of the business to a point where each investor would have his own broker who would not be permitted to act for any other customer or for himself.”

The observations of this study was true then as today, and it is in response to these potential conflicts that NTHC has implemented Chinese walls and other procedures to contain and isolate material information and, therefore, maintain the hydra-headed nature of their business while avoiding, as much as possible, the liability that can ensue when the different heads begin to converse.

“Chinese Wall” is the term given to procedures and policies restricting the flow of material, non-public information among the potentially conflicting departments of financial services companies like NTHC and in effect isolating the information within the department to which it has been entrusted.

The specific policies and procedures relied upon will vary from firm to firm. Firms can turn to code names or numbers to disguise the identity of target corporations, elaborate paper shredding procedures, physical separation of the trading department from those departments that regularly receive confidential information, education of all employees handling material, non-public information about firm procedures, and so on. Whatever the procedure relied upon, however, the basic principle of containment remains the same. Material, nonpublic information is extremely valuable to those who possess it, the market price not yet reflecting the new information; thus the potential (and temptation) for profit is great. Therefore, at NTHC care is taken to ensure the confidentiality and security of such information.

NTHC POLICIES AND PROCEDURES

TRAINING

The object here is to create and achieve employee awareness of prohibitions of misuse of non-public information through employee training and in house publication of policies concerning the misuse of such information. This form of training relies on a combination of internal memos, orientation material, or certifications, acknowledging the receipt of firm policies concerning the confidentiality of information and pledging

Compliance. These are supplemented by routine interactions made possible through weekly and monthly meetings between management and staff. At such meetings the compliance officer communicates information on sensitive issues and firm procedures. Employees and relevant departments are also kept abreast of significant judicial, regulatory, and industry developments. , such as weekly and monthly meetings. Formal All permanent and new employees of NTHC are also provided formal educational training through sponsorship of all the Securities Courses offered by the Ghana Stock Exchange.

OPEN DOOR POLICY

In order to facilitate good relations between Management and the rest of Staff, NTHC adopts an open door policy. However, in order to provide privacy to clients and ensure security of documents, it has become necessary to modify the policy. Doors have been provided for the offices of Managers on the 1^st floor. Arrangements have been made for the provision of doors for some offices on the 2^nd floor where vital documents are handled.

"NTHC FIREWALLS AND VIRUS PROTECTION"

Perimeter Defences

Being permanently connected to the Internet can significantly boost corporate productivity. By using e-mail, it vastly improves communication between members of staff as well as customers and suppliers. Having access to the World Wide Web delivers valuable information straight to the desktop, thereby giving the company a competitive edge. However the Internet can also open up your corporate information system to a myriad of lethal threats.

The threats range from hackers to malicious content and their objectives include information theft, data destruction, snooping, denial of service and computer crime. It is essential that organisations, just as they insure physical security by employing security guards, installing alarms, put secure locks on doors and buying trained dogs, likewise must also deploy adequate measures to insure that the corporate information system is secure.

A firewall is a software or hardware solution that protects a network from any unauthorised access. A firewall allows the organisation to determine what to allow in and what to allow out of their network. A firewall is the only defence against keeping out the undesirable instructions.

NTHC Ltd’s firewall has been configured to work with its anti-virus software to prevent viruses from getting into the network. This constitutes our gateway level of protection against viruses.

With NTHC’s dedicated link to the Internet, and the intranet communication, the dangers and threats that the company is exposed to is various and dangerous. It basically leaves off the most valuable assets, company data, very much up for grabs to anyone who wishes to hack into the NTHC systems.

 NTHC Ltd. has installed, configured and maintains two excellent firewalls. A full description of each is as follows:

1. Cequrux Firewall

The Ceqrux Firewall/VPN Gateway is an Internet/Intranet Firewall Server with VPN capabilities. It has a multiplicity of features, including application proxies, spam mail filtering and transparent TCP and UDP protocol gateway. Ceqrux performs extensive authentication for access to any of the services. It also offers sophisticated logging, reporting and traffic accounting functionally.

2. Symantec Enterprise Firewall

This was designed to support businesses with highly sophisticated networks as well as those just requiring basic e-mail and Web browsing. With its unique hybrid architecture, it ensures complete and transparent control of information entering and leaving the enterprise securing the Internet perimeter, corporate Intranets, private subnets, and branch offices from intrusion.

NTHC has constructed Cutting Edge(Gh) Ltd. to maintain and support its firewall solutions.