Business Resumption Planning

1,228 views

Published on

Published in: Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,228
On SlideShare
0
From Embeds
0
Number of Embeds
7
Actions
Shares
0
Downloads
25
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Business Resumption Planning

  1. 1. Thriving While Adapting - A Survival Guide For Our New Challenges Strategic Considerations For A Business Resumption Plan Presentation by Thomas Donofrio
  2. 2. Regulations require formalized business resumption/disaster recovery planning (“BR”) <ul><li>Contingency Planning for Financial Institutions (FFIEC SP-5) </li></ul><ul><li>Technology Risk Management </li></ul><ul><li>Risk Management of Outsourcing Technology Services </li></ul><ul><li>Infrastructure Threats </li></ul><ul><li>Network Security Vulnerabilities </li></ul><ul><li>GLBA </li></ul>BACKGROUND
  3. 3. Information technology systems and telecommunications have become critical to ongoing business success Natural disasters have the most significant impact on plan development, however . . . BACKGROUND
  4. 4. New age threats must now be seriously considered <ul><li>Information system and database intrusion </li></ul><ul><li>Cyber attacks on your web site </li></ul><ul><li>Terrorism </li></ul><ul><li>Electronically transmitted viruses </li></ul>BACKGROUND
  5. 5. Other Considerations <ul><li>Adequacy of your outsourced service providers BR and tests </li></ul><ul><li>Adequacy of your E-Insurance coverage </li></ul>BACKGROUND
  6. 6. People Power - This should be your primary focus <ul><li>Ensure BR leaders and backups are clearly identified </li></ul><ul><li>Ensure chains of command are established and communicated often </li></ul><ul><li>Ensure that an emergency contact list is kept current and distributed </li></ul>STRATEGIC COMPONENTS OF BUSINESS RESUMPTION
  7. 7. People Power - This should be your primary focus <ul><li>Employees must understand where and when they are to report for work </li></ul><ul><li>Require all employees to practice emergency procedures/walk through plan </li></ul><ul><li>Continuity of payroll and benefit services </li></ul>STRATEGIC COMPONENTS OF BUSINESS RESUMPTION
  8. 8. Facilities - Sufficient alternative space for . . . <ul><li>Customer, shareholder, vendor, and employee support center </li></ul><ul><li>Call Center operations </li></ul><ul><li>Data Center operations </li></ul><ul><li>Branch or branches </li></ul>STRATEGIC COMPONENTS OF BUSINESS RESUMPTION
  9. 9. Facilities - Sufficient alternative space for . . . <ul><li>Back office and daily operations </li></ul><ul><li>Internal technical support </li></ul><ul><li>Loan origination </li></ul><ul><li>Trust and wealth management </li></ul><ul><li>Executive, financial, HR, and administration </li></ul>STRATEGIC COMPONENTS OF BUSINESS RESUMPTION
  10. 10. Connectivity - Communication plans are critical <ul><li>Establish priorities </li></ul><ul><li>Data/Voice lines </li></ul><ul><li>ATMs </li></ul><ul><li>Tellers and CSRs </li></ul>STRATEGIC COMPONENTS OF BUSINESS RESUMPTION
  11. 11. Connectivity - Communication plans are critical <ul><li>Document/backup of communication line setups, by location </li></ul><ul><li>Work with more than one telecommunications carrier </li></ul><ul><li>Maintain redundancy links for your communication/data networks </li></ul>STRATEGIC COMPONENTS OF BUSINESS RESUMPTION
  12. 12. Connectivity - Communication plans are critical <ul><li>Consider using the Internet as a contingency alternative </li></ul><ul><li>Reestablishing the Call Center and voice response unit technology </li></ul><ul><li>Consider wireless/handheld devices for contingency use </li></ul>STRATEGIC COMPONENTS OF BUSINESS RESUMPTION
  13. 13. Business Processes and Information Technology <ul><li>A Business Impact Analysis is a must </li></ul><ul><li>Start with a comprehensive technology universe for the bank </li></ul><ul><li>Identifies, by area, all systems in place </li></ul><ul><li>Identifies, by area, all networks in place </li></ul>STRATEGIC COMPONENTS OF BUSINESS RESUMPTION
  14. 14. Business Processes and Information Technology <ul><li>Start with a comprehensive technology universe for the bank </li></ul><ul><li>Identifies WAN design/components </li></ul><ul><li>Identifies, by area, database being maintained </li></ul>STRATEGIC COMPONENTS OF BUSINESS RESUMPTION
  15. 15. Business Processes and Information Technology <ul><li>Start with a comprehensive technology universe for the bank </li></ul><ul><li>Identifies the bank’s technology and data owners </li></ul>STRATEGIC COMPONENTS OF BUSINESS RESUMPTION
  16. 16. Business Processes and Information Technology STRATEGIC COMPONENTS OF BUSINESS RESUMPTION <ul><li>Create a short list of key technology and data owners, department managers, and executives for interviewing </li></ul>
  17. 17. Business Processes and Information Technology <ul><li>Quantify and qualify the business impact </li></ul><ul><li>Financial impact </li></ul><ul><li>Reputation impact </li></ul>STRATEGIC COMPONENTS OF BUSINESS RESUMPTION
  18. 18. Business Processes and Information Technology <ul><li>Rank processes and technology </li></ul><ul><li>Impact if function/technology is lost </li></ul><ul><li>Financial </li></ul><ul><li>Reputation </li></ul>STRATEGIC COMPONENTS OF BUSINESS RESUMPTION
  19. 19. Business Processes and Information Technology <ul><li>Rank processes and technology </li></ul><ul><li>Who is affected by downtime or loss </li></ul><ul><li>Customer </li></ul><ul><li>Staff </li></ul><ul><li>Vendors/service providers </li></ul>STRATEGIC COMPONENTS OF BUSINESS RESUMPTION
  20. 20. Business Processes and Information Technology <ul><li>Rank processes and technology </li></ul><ul><li>Which systems and processes are critical </li></ul><ul><li>Mission critical (high) </li></ul><ul><li>Manageable (medium) </li></ul><ul><li>Not mission critical (low) </li></ul>STRATEGIC COMPONENTS OF BUSINESS RESUMPTION
  21. 21. Business Processes and Information Technology <ul><li>Rank processes and technology </li></ul><ul><li>Database classifications </li></ul><ul><li>Confidential </li></ul><ul><li>Restricted </li></ul><ul><li>Internal use </li></ul><ul><li>Unclassified </li></ul>STRATEGIC COMPONENTS OF BUSINESS RESUMPTION
  22. 22. Business Processes and Information Technology <ul><li>Rank processes and technology </li></ul><ul><li>Identify post-disaster security/safeguard system needs </li></ul><ul><li>Electronic safeguards - transaction and customer accounts </li></ul>STRATEGIC COMPONENTS OF BUSINESS RESUMPTION
  23. 23. Business Processes and Information Technology <ul><li>Rank processes and technology </li></ul><ul><li>Identify post-disaster security/safeguard system needs </li></ul><ul><li>Physical security issues </li></ul><ul><li>Policy and procedures </li></ul>STRATEGIC COMPONENTS OF BUSINESS RESUMPTION
  24. 24. Business Processes and Information Technology <ul><li>Rank processes and technology </li></ul><ul><li>Identify post-disaster security/safeguard system needs </li></ul><ul><li>System performance and capacity monitoring </li></ul>STRATEGIC COMPONENTS OF BUSINESS RESUMPTION
  25. 25. Business Processes and Information Technology <ul><li>Rank processes and technology </li></ul><ul><li>Identify cost to recover </li></ul><ul><li>Can you assign a value to your information databases intellectual property? </li></ul>STRATEGIC COMPONENTS OF BUSINESS RESUMPTION
  26. 26. Business Processes and Information Technology <ul><li>Rank processes and technology </li></ul><ul><li>Identify cost to recover </li></ul><ul><li>Are you adequately insured? </li></ul>STRATEGIC COMPONENTS OF BUSINESS RESUMPTION
  27. 27. Business Processes and Information Technology <ul><li>Document and prioritize potential threats and reactions required </li></ul>STRATEGIC COMPONENTS OF BUSINESS RESUMPTION
  28. 28. Post-disaster communication protocol for service providers, suppliers, and regulators STRATEGIC COMPONENTS OF BUSINESS RESUMPTION
  29. 29. <ul><li>Internet banking </li></ul><ul><li>Core applications </li></ul><ul><li>Item processing </li></ul><ul><li>Web site hosting </li></ul>YOUR RESPONSIBILITIES FOR OUTSOURCED TECHNOLOGY SERVICES
  30. 30. <ul><li>Adequacy of BR documentation </li></ul><ul><li>Adequacy of BR testing and results thereon </li></ul><ul><li>Adequacy of system security and network/Internet intrusion detection </li></ul>OUTSOURCING VENDOR SELECTION AND RISK MANAGEMENT DUE DILIGENCE
  31. 31. <ul><li>Adequacy of system redundancy </li></ul><ul><li>Guarantees regarding system performance and availability </li></ul><ul><li>Compliance with privacy regulations </li></ul>OUTSOURCING VENDOR SELECTION AND RISK MANAGEMENT DUE DILIGENCE
  32. 32. <ul><li>Electronic intangible property loss </li></ul><ul><li>PR expenses to mitigate reputation loss </li></ul><ul><li>Breach of security losses </li></ul><ul><li>Errors in processing </li></ul><ul><li>Reconstruction of data </li></ul><ul><li>Damages caused by viruses </li></ul>DOES YOUR CONTINGENCY PLANNING INCLUDE A TECHNOLOGY INSURANCE COVERAGE EVALUATION?
  33. 33. <ul><li>System specific coverage </li></ul><ul><li>Financial losses related to E-Commerce or network intrusion </li></ul><ul><li>Computer crime losses due to non-employees </li></ul><ul><li>Loss of income due to suspension of operations </li></ul>DOES YOUR CONTINGENCY PLANNING INCLUDE A TECHNOLOGY INSURANCE COVERAGE EVALUATION?
  34. 34. <ul><li>Computer crime losses due to employees, officers, directors, agents, etc. </li></ul><ul><li>E-Insurance coverage </li></ul>DOES YOUR CONTINGENCY PLANNING INCLUDE A TECHNOLOGY INSURANCE COVERAGE EVALUATION?
  35. 35. E-INSURANCE COVERAGE IN PLACE FOR ISP AND OTHER OUTSOURCING VENDORS
  36. 36. <ul><li>Word processor and/or a database </li></ul><ul><li>Menu driven </li></ul><ul><li>Risk/Impact analysis module </li></ul><ul><li>Data importing capabilities </li></ul>BR SOFTWARE
  37. 37. Sample Vendors <ul><li>COMDISCO </li></ul><ul><li>McGladrey & Pullen, LLP </li></ul><ul><li>Presage Corp. </li></ul><ul><li>Strohl Systems Group </li></ul><ul><li>SunGard Planning Solutions </li></ul>BR SOFTWARE

×