Disaster Recovery Policy - Page 1 of 5




               DISASTER RECOVERY POLICY
                    For Community Banks...
Disaster Recovery Policy - Page 2 of 5

Disaster Recovery Policy

In the event of any disaster or business interruption, i...
Disaster Recovery Policy - Page 3 of 5

management of disaster recovery.


PROCEDURES

1. IT Manager must name/update the ...
Disaster Recovery Policy - Page 4 of 5

•   Alternate location designation
•   How to determine safety and locations of cu...
Disaster Recovery Policy - Page 5 of 5

Readiness Checklist-Disaster Recovery Policy Appendix

The following checklist sho...
Upcoming SlideShare
Loading in …5
×

Disaster Recovery Policy

3,406 views

Published on

The disaster recovery plan guides managers and employees in the management of responses to various disasters that may occur in the course of business operations. The term disaster refers to any event that results in a disruption in the ability to provide normal services. A disaster may range in scope and duration from relatively minor, such as a temporary power outage, to a catastrophic event that interrupts service for a long period of time. Regardless of the magnitude of the business interruption, it must be managed.

Published in: Business, Economy & Finance
0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
3,406
On SlideShare
0
From Embeds
0
Number of Embeds
10
Actions
Shares
0
Downloads
79
Comments
0
Likes
3
Embeds 0
No embeds

No notes for slide

Disaster Recovery Policy

  1. 1. Disaster Recovery Policy - Page 1 of 5 DISASTER RECOVERY POLICY For Community Banks and Credit Unions One of many free banking policies available https://control.continuity.net/featured_documents In the event of any disaster or business interruption, it is the policy of [The Financial Institution] that the safety and protection of customers and employees is paramount. Additionally, all prudent steps shall be taken to protect the assets of [The Financial Institution] and to resume all normal business operations as rapidly as possible. A disaster recovery plan, updated annually, addresses emergencies that have disruptive effects on institution operations, and negatively impact the institution's ability to provide adequate levels of service to its customers. All contingency plans will conform to the standard format as supported by the disaster recovery planning process. [The Financial Institution] agrees to demonstrate that all service providers who currently provide critical support services to the institution have adequate recovery/continuity plans for their respective products and services. There are three major concerns with every business interruption. 1. Safety and protection of employees and customers 2. Protection of bank assets 3. Normalizing operations www.continuity.net
  2. 2. Disaster Recovery Policy - Page 2 of 5 Disaster Recovery Policy In the event of any disaster or business interruption, it is the policy of Institution that the safety and protection of customers and employees is paramount. Additionally, all prudent steps shall be taken to protect the assets of the institution and to resume all normal business operations as rapidly as possible. A disaster recovery plan, updated annually, addresses emergencies that have disruptive effects on institution operations, and negatively impact the institution's ability to provide adequate levels of service to its customers. All contingency plans will conform to the standard format as supported by the disaster recovery planning process. The Institution agrees to demonstrate that all service providers who currently provide critical support services to the institution have adequate recovery/continuity plans for their respective products and services. There are three major concerns with every business interruption. 4. Safety and protection of employees and customers 5. Protection of bank assets 6. Normalizing operations The disaster recovery plan guides managers and employees in the management of responses to various disasters that may occur in the course of business operations. The term disaster refers to any event that results in a disruption in the ability to provide normal services. A disaster may range in scope and duration from relatively minor, such as a temporary power outage, to a catastrophic event that interrupts service for a long period of time. Regardless of the magnitude of the business interruption, it must be managed. For example, in the event of a power outage, various external and internal staff may support the efforts to normalize business. The power company may have their own set of procedures and activities. However, the IT Manager must provide overall management of the event for items such as: • Communication with employees, management, customers or members, and media • Decide the feasibility, timing and steps to get back to business as usual • Coordination of other support resources as needed • Determination of decision to reopen locations Responsibility The IT Manager is responsible for the prevention/risk management efforts and emergency response phase of disaster recovery management. The Technology Committee may be called upon to help manage and respond in the event of a business interruption, but the group does not generally assume responsibility for www.continuity.net
  3. 3. Disaster Recovery Policy - Page 3 of 5 management of disaster recovery. PROCEDURES 1. IT Manager must name/update the Technology Committee (If responsible for disaster recovery) or Disaster Recovery Team once per year. 2. The IT Manager is responsible for the annual update of the Institution's Business Impact Analysis as part of the disaster recovery plan update process. 3. All disaster recovery contact list must include a phone number for each contact and all contact information must be updated annually. 4. Designated managers, after having performed a business impact analysis of their department’s responsibilities, will compile a disaster recovery plan for the various functions under their direct supervision. 5. Completed plans are to be submitted to the Technology Committee for approval before submission to the Board of Directors for the final approval. 6. The recovery plans will be maintained at current levels of readiness and will be periodically tested under the direction of the Disaster Recovery Coordinator. 7. Test results are to be reviewed and used as the basis for improving plan contents and recovery strategies. 8. Testing of planning assumptions will be coordinated by IT Manager with all relevant support departments (e.g. IT,compliance, data processing), 3rd party service providers, and contingency planning hot-site facilities. 9. Annual 3rd party Vendor review must include their disaster recovery plan review. 10. Critical system restoration procedures must be tested and updated annually 11. A critcal service provider’s ability to provide continuing services will be evaluated by the IT Manager whenever new contracts are awarded. 12. All significant modifications to the Disaster Recovery Plan and testing results will be presented to the Board of Directors on an annual basis. 13. All employees must attest to reading and understanding critical parts of the disaster recovery plan annually. 14. IT Manager is responsible for Employee Training. Employees should be trained on the Disaster Recovery Plan, and should have critical parts of the plan available to them, both at work and at home. They should understand what actions the bank will take to normalize business after a disaster. • Communication procedures (calling tree) www.continuity.net
  4. 4. Disaster Recovery Policy - Page 4 of 5 • Alternate location designation • How to determine safety and locations of customer/members and employees at time of the emergency • Evacuation procedures • Damage assessment • Decisions to close www.continuity.net
  5. 5. Disaster Recovery Policy - Page 5 of 5 Readiness Checklist-Disaster Recovery Policy Appendix The following checklist should be used as a guide to help the institution determine its “readiness” for managing a disaster. 1. Does your plan account for an alternate site for processing work? 2. Know alternate location for meeting or work 3. Know the packages of critical documents required and located off-site so that they can be reproduced quickly if necessary 4. Confirm that necessary back-up information stored off-site (vital documents, core banking, network data) 5. Update listing of essential forms, equipment and supplies that will be needed at each location 6. Know where such business essentials can be obtained at the time of an emergency 7. Know the call tree (tip: schedule a periodic review) 8. Know insurance coverage for various events 9. Know police/fire contact procedures 10. Know the key internal personnel and review their assigned roles in various events 11. Train entire staff on procedures 12. Keep updated copies of Disaster Recovery Plans at the office and at home (off-site) www.continuity.net

×