ITIL and Basel II – intelligently implemented
by the Santander Consumer Bank AG
Basel II, ITIL and SOX are requirements in the financial services
sector that cause many headaches and can bring high investments
with them. This makes it even more important to find the
proper software to comply with the demands of these guidelines.
Freiburg, 27 October 2006. The IT Infrastructure Library (ITIL) contains a collection of guidelines for processes in the field of IT service management. In this way, ITIL can contribute to the optimization of services, investments, and resources in the IT department. However, the implementation of IT service management does not always proceed without problems; mistakes made in implementation can carry unforeseen costs with them. This causes many IT departments to have too many choices to make a decision when looking for the proper system for ITIL guidelines.
IT departments of banks and financial institutions must adhere to additional guidelines besides ITIL: although the provisions of Basel II are officially only required as of 1.1.2008, they are already in use in many enterprises. This is indeed the case for the Santander Consumer Bank: Basel II is the continuation of Basel I and contains numerous provisions for individual capital outlays for banks and their disclosure. New in these guidelines is the inclusion of operational risk, which means that the risk of loss must be calculated for all internal practices and systems.
The Santander Consumer Bank uses the standard software Intrexx Xtreme, from the German software vendor United Planet, for these purposes. With it, an enterprise portal was constructed, in which all infrastructural components of the bank are administered. With the click of a button, the hardware components that are in use by an IT service can now be shown. The program automatically shows the failure risk these components possess, and if an appropriate backup is available to minimize this risk. At the same time, all detailed information on this IT service (maintenance, licensing, service, rental and leasing contracts, etc.) can be displayed.
Having an infrastructure with 45 IT services and about 1000 server-side hardware components of extremely varied origins such as iSeries, zSeries, HP-UX, Novell, Windows, and Citrix made it appear impossible, at first, to adhere to the new guidelines. It was decided to use the platformindependent Intrexx software due to its quick realizability, ending with astonishment at the simplicity of the project’s implementation. The management, previously horrified by the range of legal guidelines, by now never wants to go without this information again, in order to unlock the economic potential of an IT service.
The automated processes created for these purposes help as well to efficiently serve the requirements of SOX. The Sarbanes-Oxley Act of 2002 (SOX) is a law for the improvement of reporting by businesses in the wake of the accounting scandals by companies such as Enron and Worldcom. At the Santander Consumer Bank, the implemented application discloses the processes, risks, and responsibilities that must be considered, and thereby accommodates for the requirements of the US law, which stipulates that a high amount of transparency is required.
Since with Intrexx, multilingual documentation can be created, there is no longer anything standing in the way of implementation in additional locations worldwide, in order to be equipped for requirements there as well.
