The Federal Financial Institutions Examination Council (FFIEC) recently released an updated a version of its Business Continuity Booklet. OCC Bulletin announced that the FFIEC has released appendix J to the ” Business Continuity Planning” booklet of the FFIEC. The Federal Financial Institutions Examination Council (FFIEC) released an updated Business Continuity Planning Booklet (booklet), which.

Author: Malazil Kizuru
Country: Pakistan
Language: English (Spanish)
Genre: Technology
Published (Last): 8 October 2015
Pages: 226
PDF File Size: 9.93 Mb
ePub File Size: 3.60 Mb
ISBN: 860-3-28068-148-3
Downloads: 20261
Price: Free* [*Free Regsitration Required]
Uploader: Gotaur

Already have an ISMG account?

FFIEC IT Examination Handbook InfoBase – Business Continuity Planning Process

This process-oriented approach will be discussed in the first part of the booklet, with additional information included in the appendices. Management should also prioritize business objectives and critical operations that are essential for survival of the institution since the restoration of all business units may not be feasible because of cost, logistics, and other unforeseen circumstances. Big Data Security Analytics. But no one is showing them how – until now.

The BCP should be updated based on changes in business processes, audit recommendations, and lessons learned from testing. Keep me signed in. Risk Management Risk Management is the process of identifying, assessing and reducing risk to an acceptable level through a proper Business Continuity Plan. The Challenge of Complete Identity Impersonation. Protecting Customer Trust in e-Banking.

Evaluating the BIA assumptions using various threat scenarios; Analyzing threats based upon the impact to the institution, its customers, and the financial market it serves; Prioritizing potential business disruptions based upon their severity, which is determined by their impact on operations and the probability of occurrence; Performing a “gap analysis” that compares the existing BCP to the policies and procedures that ubsiness be implemented based on prioritized disruptions identified and their resulting impact on the institution.


Because financial institutions are part of the nation’s critical infrastructure, it is important to minimize disruptions to their business. Based on a comprehensive BIA and risk assessment.

Learn the fundamentals of developing a risk management program from the man ftiec wrote the book on the topic: Evaluating the BIA assumptions using various threat scenarios. Establishing policy by determining hanrbook the institution will manage and control identified risks; Allocating knowledgeable personnel and sufficient financial resources to implement the BCP; Ensuring that the BCP is independently reviewed and approved at least annually; Ensuring employees are trained and aware of their roles businses the implementation of the BCP; Ensuring the BCP is regularly tested on an enterprise-wide basis; Reviewing the BCP testing program and test results on a regular basis; Ensuring the BCP is continually updated to reflect the current operating environment.

The State of Adaptive Authentication in Banking. Similarly, smaller, less complex institutions are expected to fulfill their responsibilities by developing an appropriate business continuity planning process that incorporates comprehensive recovery guidelines based on the institution’s size and risk profile.

Ensuring the BCP is continually updated to reflect the current operating environment.

This framework should include a plan for short-term and long-term recovery operations. Top 10 Data Breach Influencers.

Breaches, Regulations and More. Enter your email address to reset your password. Ensuring employees are trained and aware of their roles in the implementation of the BCP. Balancing Privacy, Technology Advancement.

Business Continuity Planning

Without an enterprise-wide BCP that considers all critical elements of the entire business, an institution may not be able to resume customer service at an acceptable level.

Focused on the impact of various threats that could potentially disrupt operations rather than on specific events.

The first part describes the planning process of creating a Business Continuity Plan, along with the responsibilities of senior management during that process.


Examination Procedures The following describes the different aspects of creating and maintaining a Business Continuity plan. Phishing is Big Business.

Register with an ISMG account. In addition, this process should include each critical business function and the technology that supports it.

As an organization’s risk testing and monitoring detects changes in the company, a new Risk Assessment phase should occur to evaluate the impact of the changes and modify the Business Continuity Plan as needed. His recent research includes rootkit detection and advanced steganography methods, and his thesis work relates to contknuity traffic analysis and reporting.

Performing a “gap analysis” that compares the existing BCP to the policies and handbook that should be implemented based on prioritized disruptions identified and their resulting impact on the institution. Sign in now Need help registering?

Business Continuity Plan Financial institutions yandbook develop a comprehensive Business Continuity Plan based on the size and complexity of the institution. Pandemic Planning Appendix E: The business continuity planning process involves the recovery, resumption, and maintenance of the entire business, not just the technology component.

Become A Premium Member. Institutions “Not Out of the Woods”. Estimation of maximum allowable downtime, as well as the acceptable level of losses, associated with the institution’s business functions and processes.

Business Continuity Planning Process Action Summary A financial institution’s business continuity planning process should reflect the following objectives: A financial institution’s board and senior management are responsible for the following: With a strong background in computer security and great interest in current trends, Tom enjoys writing on security related topics.