The Federal Financial Institutions Examination Council (FFIEC) recently released an updated version of its Business Continuity Booklet. OCC Bulletin announced that the FFIEC has released appendix J to the “Business Continuity Planning” booklet of the FFIEC. The Federal Financial Institutions Examination Council (FFIEC) released an updated Business Continuity Planning Booklet (booklet), which.
|Published (Last):||5 October 2005|
Business Continuity Planning Action Summary

A financial institution’s business continuity planning process should reflect the following objectives: Based on a comprehensive BIA and risk assessment; Documented in a written program; Reviewed and approved by the board and senior management at least annually; Disseminated to financial institution employees; Properly managed when the maintenance and development of the BCP is outsourced to a third party; Specific regarding what conditions should prompt implementation of the plan and the process for invoking the BCP; Specific regarding what immediate steps should be taken during a disruption; Flexible to respond to unanticipated threat scenarios and changing internal conditions; Focused on the impact of various threats that could potentially disrupt operations rather than on specific events; Developed based on valid assumptions and an analysis of interdependencies; Effective in minimizing service disruptions.
The four steps in this process include:
Risk Management

Risk Management is the process of identifying, assessing and reducing risk to an acceptable level through a proper Business Continuity Plan.

Financial institutions that do not directly participate in critical financial markets, but support critical financial market activities for regional or national financial sectors, are also expected to establish business continuity planning processes commensurate with their importance in the financial industry.
Examination Procedures

The following describes the different aspects of creating and maintaining a Business Continuity Plan. The Business Continuity Plan is an ongoing process that needs to be updated as events occur.
FFIEC IT Examination Handbook InfoBase – Business Continuity Planning
Allocating knowledgeable personnel and sufficient financial resources to implement the BCP. Properly managed when the maintenance and development of the BCP is outsourced to a third-party. This process-oriented approach will be discussed in the first part of the booklet, with additional information included in the appendices.
This framework should include a plan for short-term and long-term recovery operations. Incorporation of the BIA and risk assessment into the BCP and testing program; Development of an enterprise-wide testing program; Assignment of roles and responsibilities for implementation of the testing program; Completion of annual, or more frequent, tests of the BCP; Evaluation of the testing program and the test results by senior management and the board; Assessment of the testing program and test results by an independent party; Revision of the BCP and testing program based upon changes in business operations, audit and examination recommendations, and test results.
Identification of the potential impact of business disruptions resulting from uncontrolled, non-specific events on the institution’s business functions and processes. Evaluating the BIA assumptions using various threat scenarios; Analyzing threats based upon the impact to the institution, its customers, and the financial market it serves; Prioritizing potential business disruptions based upon their severity, which is determined by their impact on operations and the probability of occurrence; Performing a “gap analysis” that compares the existing BCP to the policies and procedures that should be implemented based on prioritized disruptions identified and their resulting impact on the institution.
As such, other policies, standards, and processes should also be integrated into the overall business continuity planning process.
Because financial institutions are part of the nation’s critical infrastructure, it is important to minimize disruptions to their business.

With a strong background in computer security and great interest in current trends, Tom enjoys writing on security-related topics.
FFIEC IT Examination Handbook InfoBase – Business Continuity Planning Process
Risk Assessment

The risk assessment is the second step in the process of creating a Business Continuity Plan.

His recent research includes rootkit detection and advanced steganography methods, and his thesis work relates to network traffic analysis and reporting.
Business Continuity Planning
Without an enterprise-wide BCP that considers all critical elements of the entire business, an institution may not be able to resume customer service at an acceptable level.
Management should also prioritize business objectives and critical operations that are essential for survival of the institution since the restoration of all business units may not be feasible because of cost, logistics, and other unforeseen circumstances. A financial institution’s board and senior management are responsible for the following: Evaluating the BIA assumptions using various threat scenarios.
During the risk assessment step, business processes and the Business Impact Analysis assumptions are evaluated using various threat scenarios.
Based on a comprehensive BIA and risk assessment. Estimation of maximum allowable downtime, as well as the acceptable level of losses, associated with the institution’s business functions and processes. Assessment and prioritization of all business functions and processes, including their interdependencies, as part of a work flow analysis; Identification of the potential impact of business disruptions resulting from uncontrolled, non-specific events on the institution’s business functions and processes; Identification of the legal and regulatory requirements for the institution’s business functions and processes; Estimation of maximum allowable downtime, as well as the acceptable level of losses, associated with the institution’s business functions and processes; Estimation of recovery time objectives (RTOs), recovery point objectives (RPOs), and recovery of the critical path.
In response to competitive and customer demands, many financial institutions are moving toward shorter recovery periods and designing technology recovery solutions into business processes.
Business continuity planning involves the development of an enterprise-wide BCP and the prioritization of business objectives and critical operations that are essential for recovery.