In March 2008, the Federal Financial
Institutions Examination Council updated their handbook entitled
“Business Continuity Planning”. The guidelines include an audit work
program that examiners will be using in upcoming exams. These
guidelines serve as a consolidation of Y2K contingency planning
guidelines and other regulatory guidance aimed at assuring an
institution’s readiness for disasters of any sort. The new guidance
has incorporated "lessons learned" from recent disasters such as
Hurricane Katrina. The new guidance also adds a pandemic planning
and testing component.

Our “program” includes templates aimed at meeting
the March ’08 FFIEC BCP guidelines. We have developed an Excel-based
risk matrix, laying out the critical systems (including the
institution’s info security program) on one axis, and functional
business areas on the other axis. This risk matrix drives the BCP
program; a solid risk definition; system recovery plans (Word-based
templates); business process resumption plans (Word-based
templates); and a business impact analysis template (also Word),
which contemplates, at the high-risk process level, each of the 9
regulatory-defined risks.

One of the key components of BCP and pandemic
compliance is annual testing. We have facilitated numerous planning
sessions for our clients and would be pleased to do so for your
institution. Additionally, to aid our clients with this component,
we have created a menu of a half dozen disaster scenarios to choose
from.