The Federal Financial Institutions Examination Council (FFIEC) recently released an updated version of its Business Continuity Booklet. OCC Bulletin announced that the FFIEC has released Appendix J to the “Business Continuity Planning” booklet of the FFIEC. The Federal Financial Institutions Examination Council (FFIEC) released an updated Business Continuity Planning Booklet (booklet), which.

Author: Bagore Daimuro
Published (Last): 23 July 2010

The BCP should be updated based on changes in business processes, audit recommendations, and lessons learned from testing. Critical markets include, but may not be limited to, the markets for federal funds; foreign exchange; commercial paper; and government, corporate, and mortgage-backed securities. Tom also spent three years as an ASP.

Understand the current cyber threats to all public and private sector organizations; Develop a multi-tiered risk management approach built upon governance, processes and information systems; Implement NIST’s risk management framework, from defining risks to selecting, implementing and monitoring information security controls.

With a strong background in computer security and great interest in current trends, Tom enjoys writing on security related topics. In response to competitive and customer demands, many financial institutions are moving toward shorter recovery periods and designing technology recovery solutions into business processes.

The four steps in this process include:

Based on a comprehensive BIA and risk assessment.

Ensuring employees are trained and aware of their roles in the implementation of the BCP. Based on these guidelines, key financial industry participants are expected to identify activities that support these critical markets, continually maintain their ability to recover and resume critical operations in a timely manner, and routinely use or test recovery and resumption arrangements.


The second part describes the technical aspects regarding risk, including assessment, management, testing and monitoring.

These technological advances underscore the importance of maintaining a current, enterprise-wide BCP. This booklet is intended to provide guidance to financial institutions regarding Business Continuity Planning, which helps companies recover and resume business processes when operations have been disrupted unexpectedly.


Risk monitoring and testing ensures that the institution’s business continuity planning process remains viable through the:

The first part describes the planning process of creating a Business Continuity Plan, along with the responsibilities of senior management during that process. Flexible to respond to unanticipated threat scenarios and changing internal conditions.

Assessment and prioritization of all business functions and processes, including their interdependencies, as part of a work flow analysis; Identification of the potential impact of business disruptions resulting from uncontrolled, non-specific events on the institution’s business functions and processes; Identification of the legal and regulatory requirements for the institution’s business functions and processes; Estimation of maximum allowable downtime, as well as the acceptable level of losses, associated with the institution’s business functions and processes; Estimation of recovery time objectives (RTOs), recovery point objectives (RPOs), and recovery of the critical path.

Financial industry participants that perform clearing and settlement activities for critical financial markets (core firms) and organizations that process a significant share of transactions in critical financial markets (significant firms) are required to follow interagency guidelines. Refer to the “Interagency Paper on Sound Practices to Strengthen the Resilience of the U.

Business Continuity Planning

Allocating knowledgeable personnel and sufficient financial resources to implement the BCP. This process-oriented approach will be discussed in the first part of the booklet, with additional information included in the appendices.


Because financial institutions are part of the nation’s critical infrastructure, it is important to minimize disruptions to their business.

Business Continuity/Disaster Recovery: Executive Summary of FFIEC IT Examination Handbook

Business Continuity Plans and examination procedures.

This part of the process includes all of the critical functions and processes of the business along with the potential threats to these different aspects. The business continuity planning process involves the recovery, resumption, and maintenance of the entire business, not just the technology component.

FFIEC IT Examination Handbook InfoBase – Business Continuity Planning

Performing a “gap analysis” that compares the existing BCP to the policies and procedures that should be implemented based on prioritized disruptions identified and their resulting impact on the institution.

Presented By Ron Ross Sr.

Changes in business processes include technological advancements that allow faster and more efficient processing, thereby reducing acceptable business process recovery periods. Management should also prioritize business objectives and critical operations that are essential for survival of the institution, since the restoration of all business units may not be feasible because of cost, logistics, and other unforeseen circumstances.

Specific regarding what conditions should prompt implementation of the plan and the process for invoking the BCP. Establishing policy by determining how the institution will manage and control identified risks. Identification of the legal and regulatory requirements for the institution’s business functions and processes.

Closing Thoughts

The above listed examination procedures are intended to be a handnook process.