The Federal Financial Institutions Examination Council (FFIEC) recently released an updated version of its Business Continuity Booklet. An OCC Bulletin announced that the FFIEC has released Appendix J to the “Business Continuity Planning” booklet of the FFIEC. The Federal Financial Institutions Examination Council (FFIEC) released an updated Business Continuity Planning Booklet (booklet), which.

Business Continuity/Disaster Recovery: Executive Summary of FFIEC IT Examination Handbook

Without an enterprise-wide BCP that considers all critical elements of the entire business, an institution may not be able to resume customer service at an acceptable level. As such, other policies, standards, and processes should also be integrated into the overall business continuity planning process.

Risk monitoring and testing ensures that the institution’s business continuity planning process remains viable through the:

Risk Assessment

The risk assessment is the second step in the process of creating a Business Continuity Plan.


Financial institutions that do not directly participate in critical financial markets, but support critical financial market activities for regional or national financial sectors, are also expected to establish business continuity planning processes commensurate with their importance in the financial industry.

Incorporation of the BIA and risk assessment into the BCP and testing program; Development of an enterprise-wide testing program; Assignment of roles and responsibilities for implementation of the testing program; Completion of annual, or more frequent, tests of the BCP; Evaluation of the testing program and the test results by senior management and the board; Assessment of the testing program and test results by an independent party; Revision of the BCP and testing program based upon changes in business operations, audit and examination recommendations, and test results.

Business Continuity Plan

Financial institutions should develop a comprehensive Business Continuity Plan based on the size and complexity of the institution. This process-oriented approach will be discussed in the first part of the booklet, with additional information included in the appendices.


Based on a comprehensive BIA and risk assessment; Documented in a written program; Reviewed and approved by the board and senior management at least annually; Disseminated to financial institution employees; Properly managed when the maintenance and development of the BCP is outsourced to a third-party; Specific regarding what conditions should prompt implementation of the plan and the process for invoking the BCP; Specific regarding what immediate steps should be taken during a disruption; Flexible to respond to unanticipated threat scenarios and changing internal conditions; Focused on the impact of various threats that could potentially disrupt operations rather than on specific events; Developed based on valid assumptions and an analysis of interdependencies; Effective in minimizing service disruptions.

Because financial institutions are part of the nation’s critical infrastructure, it is important to minimize disruptions to their business.

Performing a “gap analysis” that compares the existing BCP to the policies and procedures that should be implemented based on prioritized disruptions identified and their resulting impact on the institution. The first part describes the planning process of creating a Business Continuity Plan, along with the responsibilities of senior management during that process.

The different topics allow organizations to evaluate the aspects of their business and include them in their BCP. Business continuity planning includes the integration of the institution’s role in financial markets.

Similarly, smaller, less complex institutions are expected to fulfill their responsibilities by developing an appropriate business continuity planning process that incorporates comprehensive recovery guidelines based on the institution’s size and risk profile.

As an organization’s risk testing and monitoring detects changes in the company, a new Risk Assessment phase should occur to evaluate the impact of the changes and modify the Business Continuity Plan as needed.


Examination Procedures

The following describes the different aspects of creating and maintaining a Business Continuity Plan.

The four steps in this process include:

While the restoration of IT systems and electronic data is important, recovery of these systems and data will not always be enough to restore business operations.

Assessment and prioritization of all business functions and processes, including their interdependencies, as part of a work flow analysis. Ensuring the BCP is continually updated to reflect the current operating environment.

A financial institution’s board and senior management are responsible for the following:

FFIEC IT Examination Handbook InfoBase – Business Continuity Planning

The Business Continuity Plan is an ongoing process that needs to be updated as events occur. Establishing policy by determining how the institution will manage and control identified risks; Allocating knowledgeable personnel and sufficient financial resources to implement the BCP; Ensuring that the BCP is independently reviewed and approved at least annually; Ensuring employees are trained and aware of their roles in the implementation of the BCP; Ensuring the BCP is regularly tested on an enterprise-wide basis; Reviewing the BCP testing program and test results on a regular basis; Ensuring the BCP is continually updated to reflect the current operating environment.

Risk Monitoring and Testing

Risk monitoring and testing is the final step in the business continuity planning process.