Transcript of "11.08.30 5 ways to disasterproof your credit union article"
Credit Union IT Leadership Series:5 Ways to Disaster-proof Your Credit Union’s IT EnvironmentDisaster preparedness planning is one of the most common reasons credit unions engage our firm. And rightfully so,it is one of the most important elements of effective information systems management for a credit union of any size.Although a credit union’s ability to withstand large (and not so large) catastrophic events has always been relevant,there has never been more emphasis on disaster recovery (“DR”) as a practice. Ask an industry expert and you’lllearn that this is primarily due to two factors: One, an ever growing reliance on data, information, technology, andInternet; and two, oddly enough, Hurricane Katrina.In recent years a credit union’s reliance on information technology has grown exponentially. Think of the ways werely on technology today that we did not just five or ten years ago. To service the daily needs of our membership welean on our ability to quickly and efficiently access not just core processor data but many sources of information anddatabases that support our roles. Beyond the core processor, credit unions rely on email and voice communications,web portals, lending platforms, third party payment and processing services, ATM connectivity, CRM and MCIFsystems, file and document imaging services – the list goes on and on.While Hurricane Katrina isn’t the only other reason there has been increased emphasison DR, it was a huge contributor to why regulating bodies started to highlight the needfor credit unions to more thoroughly, creatively, and urgently act to improve their DRcapabilities. Our take: a huge natural disaster should not be your only impetus toimprove your credit union’s ability to respond to a disaster. More often than not, ourcredit union experts are focused on the more menial of “disasters”, think simple powerfailures or internet connectivity issues.Since each credit union is truly unique, professional assistance should be sought whennecessary. Many of our credit union clients internally feel comfortable with manyregulatory issues affecting their business but often feel uncomfortable about IT relatedcompliance requirements due to unfamiliarity with the subject matter. There are a hostof qualified service providers that can assess your individual needs and make recommendations for policy andprocedural changes as well as environmental improvements.The good news is, there are many ways your IT disaster recovery plan can be improved. This article will introduceyou to five ways to “disaster-proof” your credit union’s IT environment. And while having said that, we all knowthere is no way to truly disaster-proof your environment; however, solid planning and preparedness can greatlyreduce the likelihood of a simple or severe disaster creating downtime for you, or more importantly, yourmembership. Encompass Group, LLC | 2310 Superior Avenue E, Suite 010 | Cleveland, Ohio 44114 | 216.539.0100
Here are five basic concepts to consider when designing your credit union’s IT disaster recovery plan: 1. Always start with a comprehensive risk analysis. The most prepared credit unions have a deep understanding of their systems both technically and functionally. Technically you must have detailed documentation of all aspects of information systems including network configuration, platforms, and line of business applications. Start with the application environment by taking a detailed inventory of software, who depends on each, and their criticality to maintaining member service. Since access to these applications is so important to maintaining member service, it is important to complete an in depth situation analysis. Think in terms of, if this happens, then what. For example, if internet connectivity is disrupted, what does this impact? Does it impact ATM connectivity? Access to core processor? Does it impact everyone or just the branch environment? If a specific lone event can cause disruption to a critical function, it is considered a single point of failure. A comprehensive risk analysis aims to minimize single points of failure. Based on size and budget, some credit unions seek to eliminate single points of failure altogether, while in some cases it is enough to identify the single point of failure and institute a failover strategy. These strategies should be documented in your procedure manual. 2. Don’t forget non-core processor systems! There is a natural tendency for credit unions to focus so pointedly on their core processor that they often lose sight of other systems they deeply rely on. No doubt the core processor is the single most important system in place for any financial institution but it can be similarly important to maintain accessibility to such ancillary systems as: document management and imaging, lending platforms, email and collaboration systems, CRM and MCIF systems, etc. Don’t forget these critical systems when considering your disaster preparedness strategy. 3. While technology is important, credit unions often misjudge their dependency on the human aspect of IT. Maintaining uptime of critical systems is important; however, what would happen if your IT team, often a single individual, were to disappear? Does your credit union have the detailed documentation in place necessary to pick up the pieces and move forward? Does your credit union rely on a single person to maintain access to critical systems? If so, this can be a security and disaster preparedness risk. Also, on the topic of the human aspect IT, does your member-facing staff have a good understanding of backup procedures and how to communicate to a member when systems are temporarily down? Training is important here. Also, consider working with your IT staff or provider to draft a comprehensive set of systems documentation including credentials, systems configurations, scenario analysis, etc. Store this in a safe place, one that is accessible even in a disaster situation – that’s when you’ll need it most. Encompass Group, LLC | 2310 Superior Avenue E, Suite 010 | Cleveland, Ohio 44114 | 216.539.0100
4. Have a solid and actionable testing procedure in place, and follow-through. Once your credit union has solid disaster preparedness policies and actionable procedures in place it is important to have a regularly scheduled testing routine. Consider monthly, quarterly, semiannual and annual testing procedures. Document frequencies and timelines. Document the results of each test and resulting action items. For example, too often we see credit unions that take daily backups and rarely (if ever) complete a test restore to ensure their backup data is actually usable in a disaster situation. Typical testing activities include: backup battery testing and runtime analysis, generator failover testing and runtime analysis, test restore of backup data, testing of backup internet connectivity and failover functionality, testing of alternate access to core processor systems, etc. Consider a regularly scheduled mock disaster with your team. 5. Consider new technologies: virtualization, remote backups, wireless functionality. There are a myriad of new technologies today that weren’t available or were not cost effective just two or three years ago. One technology is virtualization; consider this technology to not only reduce the size of the server environment but to also reduce restoration time in a disaster scenario. For example, a server your credit union relies on can often be virtualized and imaged in a way that can be rapidly restored if necessary, thus reducing downtime when disaster strikes. Remote data backups are another technology that has minimized many credit unions’ dependency on tape-based backups and also increases data security and reduces cost. New wireless functionality exists today that can provide internet connectivity to an entire credit union or branch office in an internet outage situation. This technology uses a router equipped with a cellular receiver that can utilize a wireless carrier to stream internet to the financial institution. These are just three new technologies, there are more available and more coming down the pike, consult a credit union IT professional for more ideas.Learn more at our website: www.encompassgroupllc.comAbout Encompass Group, LLCWe help credit unions better utilize technology to support their goals as well as meet and maintain regulatory standards.The technical requirements facing today’s credit unions are often more challenging than comparably sized for-profit companies. That is why our team has developedspecific skill sets to address those challenges – enabling our credit union clients to operate more efficiently and to focus on what they do best: servicing and growingtheir membership. Encompass Group, LLC | 2310 Superior Avenue, Suite 010 | Cleveland, Ohio 44114 | 216.539.0100