The Office of the Comptroller of the Currency (OCC) has chosen CenturyLink Inc to provide its disaster recovery services for the next year. The contract is for a single year but can be extended up to five times on an annual basis. Sensibly there is a cap on costs at $29 million. This protects the OCC from excessive charges in subsequent years once the initial planning is completed.
Interesting contract terms
The length and nature of the contract is interesting. It is likely that if the OCC had negotiated a five year term in the first instance it would have obtained a lower cost. However this type of contract delivers a flexibility that means it can switch to another cloud provider should it wish to do so. There are other reasons why the OCC might have opted for this segmented contract term. The most recent tender documents on the Federal Business Opportunities website indicates that the main computing services contract is due to complete in November 2017. As a result the OCC may look to switch to a single provider at this time.
The contract itself will see CenturyLink provide dedicated hardware and storage for managed disaster recovery for the critical systems for OCC. The agreement will see services such as disaster recovery program testing, security, compliance, configuration management, emergency operations and documentation requirements met.
The importance of Disaster recovery
The OCC is no stranger to recommending disaster recovery. Its role is to charter, regulate and supervise all national banks and federal savings associations as well as federal branches and agencies of foreign banks. It has four offices in the US, and an overseas branch in London. It is not clear whether London forms part of this contract.
The threats to organisations have been evolving over the last few years. These threats are no longer just natural disasters. The Spring 2016 Semiannual Risk Perspective From the National Risk Committee contained a warning to banks. The document states: “Banks may not adequately incorporate resiliency considerations, including recovery from cyber events, into their overall governance, risk management, and strategic planning processes.”
It is refreshing to see that the organisation itself takes disaster recovery seriously. As a result the OCC is taking appropriate steps to mitigate its own risks. CenturyLink Senior Vice President and General Manager Tim Meehan commented: “CenturyLink is pleased to provide the OCC with disaster recovery services that will help the agency that oversees our nation’s banking system maintain continuity of operations in the event of an emergency”
Conclusion
The fact that the OCC is on top of its disaster recovery plans is noteworthy. However the really interesting thing in this story is the contract term. In previous years it would have been impossible to set up contracts of this nature. The up front costs of setting up disaster recovery used to make it too expensive to do. That CenturyLink are capable of effectively commoditising disaster recovery is worthwhile noting.
There is no doubt a premium for this type of contract. The fact it is even viable will open up the possibility for other CIO’s to consider this option. In theory disaster recovery could merely be a case of repointing server replication to new IP addresses. This is, granted, massively simplifying things. As Cloud solutions become ubiquitous there is no doubt that there will be more one year contracts appearing. It may become harder for companies to lock in customers to longer contracts. The sales teams will need to be aware of this
