Archives || Search || About Us || Advertise || Feedback || Subscribe-
Issue of January 2007

Untitled Document

 Home > Cover Story
 Print Friendly Page ||  Email this story


Securing Bank Of India

Bank of India is racing to be the most secure bank to serve its customers better By Kushal Shah.

P A Kalyansundar

Being in India’s banking sector, Bank of India has the responsibility of serving its customers with adequate security. Like most leading banks, it has taken all possible actions to beef up its IT infrastructure and security set-up. It has taken care of all the areas in the organisation, which are critical from a security standpoint. Technologies such as biometrics and encryption are in use. Conducting regular drills at its data recovery site and successfully recovering most of the IT system instantaneously after a simulated disaster. Bank of India looks like a bank which never stops working regardless of the scale of the catastrophic event that it may face. This bank has much more to offer to its customers while it guns for a ISO 27001 certification.

Policy and Audit:

Bank of India, India’s public sector bank is one of the biggest in this category.

The banks security policies are reviewed anually. For evaluating the state of the system auditing is performed on annual basis across all the branches of Bank of India. Apart from auditing for regular operations, auditing for critical operations is done concurrently. Risk assessment is performed based on audit reports. According to the tests conducted for the risks, Bank of India was found out to be risk free from threats and vulnerabilities.

About the Company
Bank of India is an established commercial banks with a pan-Indian presence and is a century old having been founded on 7th September 1906.

The Bank is rated as one of the top five banks in the country, with over 2,650 branches across India and 23 foreign branches or offices with an asset base of over $26 billion. Corporate credit, trade finance, loan syndication, export finance, forex operations and all types of retail banking are its forte.

The bank was the first Indian financial institution to open its branches in London in 1946. After World War II, it opened a branch in Tokyo, Japan on May 17, 1950. Soon after this the Osaka branch was established on 20th October 1950. With fifty-three years of experience in global banking it has strong assets and correspondent relations with leading international banks. The bank believes in a total package approach to meet all financial and non-financial requirements of its customers.


The top priority in the bank’s security policy is that its operations should be carried out in a secure and safe manner and that accessibility to the people in the organisation as well as those outside should be provided in a secure and controlled way. For evaluating the state of the system, auditing is performed annually across branches

The bank follows processes such as information profiling which involves classification of information into categories, such as, secret, confidential, corporate confidential, offices and public. Every new process is scanned for its risks and vulnerabilities and various other security clearance aspects. Only after it has been cleared by both the teams, it can go ahead and become the part of the organisation’s business.


Bank of India has all the security related software and hardware like anti-virus, spam filters, firewalls, content filters, storage security installed and implemented. Using all these tools they seem to have a stable organisational security structure. The bank uses all possible vulnerability tools to ensure that its infrastructure is not vulnerable to external attack. It uses biometrics at all critical installations for authentication and encryption is used across the board. A team of 10-15 security specialists at the head office takes care of the important tasks. Apart from the core team, a team of about 150 people is taking care of security across branches.

DR/BC set-up
  • The BoI data centre set-up is located in Mumbai and forms the tier-one. The tier-two set-up, the disaster recovery centre, is based in Bangalore and is in a different seismic zone. The connectivity between these two centres and across branches is established by means of dedicated leased lines that have been leased from MTNL, BSNL and Bharti Enterprise.
  • Branch links terminate at Network Aggregation Points (NAPs) that are simultaneously connected to the BoI data centre in Mumbai and DR centre at Bangalore. The inter-connectivity is established based on point-to-point protocol using leased lines. Data travels through multiple leased lines from the data centre to the disaster recovery centre.
  • The core banking applications run on Finacle from Infosys and the database is set up using the Oracle Financial Service Architecture.
  • The core banking applications run on multiple HP Superdome servers while the storage solutions have been migrated to a HP StorageWorks XP1024 disk array. This is further connected through leased lines to various Cisco switches and routers deployed across the country with the branches forming a hub and spoke topology that uses a central point to co-ordinate activities between various branches and the data centre.
  • At present, the operations at about 2,433 branches across the country are computerised out of which 108 operate in a partially-computerised mode. The bank is a member of the RBI’s VSAT Network and has installed about 39 VSATs linking strategic branches and offices adding redundancy during disaster.

Data Recovery
  • Bank of India has a data recovery site located at a different seismic zone from its primary site.
  • The secondary site is a hot site that is almost identical to the primary one.
  • Bank of India can recover its entire core-banking setup almost instantaneously.
  • It periodically conducts drills at the DR site.


Bank of India is the first Indian bank to open a branch in London, a task it accomplished way back in 1946. It is rated as one of the top five banks in India with more than 2,650 branches in the country and 23 abroad with an asset base of over $26 billion

As far as certifications are concerned, Bank of India complies with RBI regulations and IT Act 2000. Bank of India is also in an process of getting ISO 27001 certification. IDRBT Hyderabad handed the best bank for information security policy and practices award to Bank of India.


The entire IT infrastructure management has been outsourced. Core banking is outsourced and managed by HP. The ATM systems are handled by eFunds.

- <Back to Top>-  
Untitled Document
Indian Express - Business Publications Division

Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.