The Federal Financial Institutions Examination Council (FFIEC) recently released an updated version of its Business Continuity Booklet. OCC Bulletin announced that the FFIEC has released appendix J to the “Business Continuity Planning” booklet of the FFIEC. The Federal Financial Institutions Examination Council (FFIEC) released an updated Business Continuity Planning Booklet (booklet), which.

Author: Malat Netaur
Country: Bahrain
Language: English (Spanish)
Genre: Health and Food
Published (Last): 12 April 2015
Pages: 30
ISBN: 518-9-79948-906-2

As an organization’s risk testing and monitoring detects changes in the company, a new Risk Assessment phase should occur to evaluate the impact of the changes and modify the Business Continuity Plan as needed.

Business Continuity Planning Process Action Summary

A financial institution’s business continuity planning process should reflect the following objectives:

A financial institution’s board and senior management are responsible for the following:

In response to competitive and customer demands, many financial institutions are moving toward shorter recovery periods and designing technology recovery solutions into business processes.

Financial institutions that do not directly participate in critical financial markets, but support critical financial market activities for regional or national financial sectors, are also expected to establish business continuity planning processes commensurate with their importance in the financial industry.

Tom also spent three years as an ASP. With a strong background in computer security and great interest in current trends, Tom enjoys writing on security-related topics.

While the restoration of IT systems and electronic data is important, recovery of these systems and data will not always be enough to restore business operations.

This enterprise-wide framework should consider how every critical process, business unit, department, and system will respond to disruptions and which recovery solutions should be implemented.

Assessment and prioritization of all business functions and processes, including their interdependencies, as part of a work flow analysis; Identification of the potential impact of business disruptions resulting from uncontrolled, non-specific events on the institution’s business functions and processes; Identification of the legal and regulatory requirements for the institution’s business functions and processes; Estimation of maximum allowable downtime, as well as the acceptable level of losses, associated with the institution’s business functions and processes; Estimation of recovery time objectives (RTOs), recovery point objectives (RPOs), and recovery of the critical path.



These technological advances underscore the importance of maintaining a current, enterprise-wide BCP. Based on a comprehensive BIA and risk assessment.

Risk Management

Risk Management is the process of identifying, assessing and reducing risk to an acceptable level through a proper Business Continuity Plan.

Management should also prioritize business objectives and critical operations that are essential for survival of the institution since the restoration of all business units may not be feasible because of cost, logistics, and other unforeseen circumstances.

Business Continuity/Disaster Recovery: Executive Summary of FFIEC IT Examination Handbook

The BCP should be updated based on changes in business processes, audit recommendations, and lessons learned from testing.

Properly managed when the maintenance and development of the BCP is outsourced to a third party.

This process-oriented approach will be discussed in the first part of the booklet, with additional information included in the appendices.

Allocating knowledgeable personnel and sufficient financial resources to implement the BCP. This booklet is intended to provide guidance to the financial institutions regarding Business Continuity Planning, which helps companies recover and resume business processes when operations have been disrupted unexpectedly.

This part of the process includes all of the critical functions and processes of the business along with the potential threats to these different aspects. Risk monitoring and testing ensures that the institution’s business continuity planning process remains viable through the: Since these organizations participate in one or more critical financial markets and their failure to perform critical activities by the end of the business day could present systemic risk to financial systems, their role in financial markets should be addressed as part of the business continuity planning process.


Evaluating the BIA assumptions using various threat scenarios; Analyzing threats based upon the impact to the institution, its customers, and the financial market it serves; Prioritizing potential business disruptions based upon their severity, which is determined by their impact on operations and the probability of occurrence; Performing a “gap analysis” that compares the existing BCP to the policies and procedures that should be implemented based on prioritized disruptions identified and their resulting impact on the institution.


Business Impact Analysis. Similarly, smaller, less complex institutions are expected to fulfill their responsibilities by developing an appropriate business continuity planning process that incorporates comprehensive recovery guidelines based on the institution’s size and risk profile.


The four steps in this process include:

Closing Thoughts

The above listed examination procedures are intended to be a cyclical process. Focused on the impact of various threats that could potentially disrupt operations rather than on specific events. Prioritizing potential business disruptions based upon their severity, which is determined by their impact on operations and the probability of occurrence.

Business Continuity Planning

In addition, this process should include each critical business function and the technology that supports it. While this approach is reflected as four steps, the business continuity planning process actually represents a continuous cycle that should evolve over time based on changes in potential threats, business operations, audit recommendations, and test results.

Risk Monitoring and Testing

Risk monitoring and testing is the final step in the business continuity planning process. The Business Continuity Plan is an ongoing process that needs to be updated as events occur.


The FFIEC agencies encourage financial institutions to adopt a cyclical, process-oriented approach to business continuity planning. Evaluation of the testing program and the test results by senior management and the board.