Bolster Your Business Continuity Planning
A comprehensive business continuity plan does more than meet Federal Financial
Institutions Examination Council (FFIEC) regulations; it proves to members, employees, and others that
the business will withstand any disaster, according to “Business Continuity Planning and the FFIEC Guidelines,”
a white paper by Strohl Systems, King of Prussia, Pa.
A business continuity plan is a collection of procedures and information that’s developed, compiled,
and maintained in readiness for use to help an organization respond, recover, and resume in the event
of a disaster. FFIEC advises conducting comprehensive planning using this sequential structure:
- Business impact analysis. This is a management-level assessment of financial and operational impacts
that would result from a prolonged disruption of business operations. A sound analysis should identify
extraordinary expenses that could be incurred from a disaster, the organization’s current state of
preparedness, points of failure, technology requirements for recovery, special recovery resources needed,
and the organization’s critical information systems.
- Risk assessment. This involves identifying specific risks your credit union may face. Focus on the
impact of possible threats more than the nature of the threat. For example, a severe storm might not
damage your facilities, but it may disrupt power. Consider a multitude of potential threats including
natural disasters (earthquake, flood, hurricane), intentional manmade disasters (war, terrorism,
hacking), and accidental disasters (power outage, equipment failures, software errors).
- Risk management. This phase involves the “development of a written, enterprise-wide business
continuity plan,” according to FFIEC. Develop a plan to deal with specific impacts and what it will
take to recover and resume business operations.
  At a minimum, a plan should contain the following:
  - Documented procedures and resources necessary to recover critical business functions;
  - A prioritization of recovery for processes and operations;
  - Information about who can declare a disaster and under what circumstances;
  - Contact lists of critical personnel (including vendors);
  - An inventory of critical equipment, office supplies, software, and documents;
  - Specifications for an alternate site (if necessary); and
  - Descriptions of the responsibilities and procedures to be followed by each continuity team.
- Risk monitoring. This step ensures that the plan is viable through testing, independent
review, and periodic updating. FFIEC guidelines outline four types of tests a credit union may perform:
  - Walk-through. Consists of key planning participants discussing how to handle a crisis.
    Its primary goal is to ensure that personnel are familiar with the financial institution’s
    continuity plan.
  - Tabletop drill. Consists of a scenario with a specific event for which recovery personnel
    have to run the continuity plan. It usually involves role-playing, and its goal is to practice
    and evaluate specific recovery tasks.
  - Functional test. Involves completing some of the recovery tasks and may include sending
    personnel to alternate sites. One of its goals is to set realistic recovery time objectives by
    measuring the time needed to complete certain tasks.
  - Full-scale test. Involves testing all aspects of a continuity plan. Data and transactions
    are processed at an alternate site.
For more information, visit www.planetstrohl.com.