The Federal Financial Institutions Examination Council (FFIEC) recently released an updated a version of its Business Continuity Booklet. OCC Bulletin announced that the FFIEC has released appendix J to the ” Business Continuity Planning” booklet of the FFIEC. The Federal Financial Institutions Examination Council (FFIEC) released an updated Business Continuity Planning Booklet (booklet), which.

Author: Mazujora Gardakazahn
Country: Romania
Language: English (Spanish)
Genre: Technology
Published (Last): 4 December 2009
Pages: 448
PDF File Size: 11.86 Mb
ePub File Size: 4.54 Mb
ISBN: 984-3-79752-538-3
Downloads: 13215
Price: Free* [*Free Regsitration Required]
Uploader: Kazracage

This enterprise-wide framework should consider how every critical process, business unit, department, and system will respond to disruptions and which recovery solutions should be implemented. Identify and Block Unwanted Apps.

This process-oriented approach will be discussed in the first part of the booklet, with additional information included in the appendices. A financial institution’s board and senior management are responsible for the following: Stop Parasites on Your Network: Enter your email address to reset your password. Specific regarding what conditions should prompt implementation of the plan and the process for invoking the BCP.

As such, other policies, standards, and processes should also be integrated into the overall business continuity planning process.

Better Cyber Threat Intelligence. The business continuity planning process involves the recovery, resumption, and maintenance of the entire business, not just the technology component. Allocating knowledgeable personnel and sufficient financial resources to continnuity the BCP.

Addressing Security in Emerging Technologies. Management should also prioritize business objectives and critical operations that businesss essential for survival of the institution since the restoration of all business units may not be feasible because of cost, logistics, and other unforeseen circumstances.

Business Continuity/Disaster Recovery: Executive Summary of FFIEC IT Examination Handbook

Don’t have one of these accounts? Ensuring employees are trained and aware of their roles in the implementation of the BCP. Webinar Beyond Managed Security Services: Risk Assessment The risk assessment is the second step in the process of creating a Business Continuity Plan.

Ensuring the BCP is continually updated to reflect cotninuity current operating environment. Don’t Take the Bait: Business Continuity Plans and examination procedures.


Because financial institutions are part of the nation’s critical infrastructure, it is important continuitty minimize disruptions to their business. Next Yandbook Business Impact Analysis. From heightened risks to increased regulations, senior leaders at all levels are pressured to improve their organizations’ risk management capabilities.

Estimation of maximum allowable downtime, as well as the acceptable level of losses, associated with the institution’s business functions and processes. The business continuity planning process should include regular contunuity to the BCP.

Identification of the legal and regulatory requirements for the institution’s business functions and processes. In an exclusive presentation, Ross, lead author of NIST Special Publication – the bible of risk assessment and management – will share his unique insights on how to:.

The State of Adaptive Authentication in Banking. The four steps in this process include:. Examination Procedures Appendix Businews Security Agenda – Battling Insider Threats. Prioritizing potential business disruptions based upon their severity, which is determined by their impact on operations and the probability of occurrence.

Critical markets include, but may not be limited to, the markets for federal funds; foreign exchange; commercial paper; and government, corporate, and mortgage-backed securities.

Presented By Ron Ross Sr. Financial institutions that do not directly participate in critical financial markets, but support critical financial market activities for regional or national financial sectors, are also expected to establish business continuity planning processes commensurate with their importance in the financial industry.

FFIEC IT Examination Handbook InfoBase – Business Continuity Planning Process

Sign in now Need businesw registering? Business Continuity Plan Financial institutions should develop a comprehensive Business Continuity Plan based on the size and complexity of the institution.

Sign in with your ISMG account. Evaluation of the testing program and the test results by senior management and the board. Establishing policy by determining how the institution will manage and control identified risks; Allocating knowledgeable personnel and sufficient financial resources to implement the BCP; Ensuring that the BCP is independently reviewed and approved at least annually; Ensuring employees are trained and aware of their roles in the implementation of the BCP; Ensuring the BCP is regularly tested on an enterprise-wide basis; Reviewing the BCP testing program and test results on a regular basis; Ensuring the BCP is continually updated to reflect the current operating environment.

  FR E520 3.7K PDF

Phishing is Big Business. Live Webinar Sunset of Windows Server The second part describes the technical aspects regarding risk, including assessment, management, testing and monitoring. Closing Thoughts The above listed examination procedures are intended to be a cyclical process. Understand the current cyber threats to all public and private sector organizations; Develop a multi-tiered risk management approach built upon governance, processes businesz information systems; Implement NIST’s risk management framework, from defining risks to selecting, implementing and monitoring information security controls.

Without ftiec enterprise-wide BCP that considers all critical elements of the entire business, an institution may not be able to resume customer service at an acceptable level.

Establishing policy by determining how the institution will manage and control identified risks. Thomas Donchez Contributing Writer. Next State of the Banking Industry: Keep me signed in. A Risk Assessment should include: While the restoration of IT systems and electronic data is important, recovery of these systems and data will not always be enough to restore business operations.

Based on a comprehensive BIA and risk assessment. The BCP should be updated based on changes in vontinuity processes, audit recommendations, and busimess learned from testing. Financial industry participants that perform clearing and settlement activities for critical financial markets core firms and organizations that process a significant share of transactions in critical financial markets significant firms are required to follow interagency guidelines, Refer to the “Interagency Paper on Sound Practices to Strengthen the Resilience of the U.