FFIEC BUSINESS CONTINUITY HANDBOOK PDF

The Federal Financial Institutions Examination Council (FFIEC) recently released an updated version of its Business Continuity Planning Booklet. An OCC Bulletin announced that the FFIEC has released Appendix J to the FFIEC’s “Business Continuity Planning” booklet. The Federal Financial Institutions Examination Council (FFIEC) released an updated Business Continuity Planning Booklet (booklet), which.


This booklet is intended to provide guidance to financial institutions regarding Business Continuity Planning, which helps companies recover and resume business processes when operations have been disrupted unexpectedly. Because financial institutions are part of the nation’s critical infrastructure, it is important to minimize disruptions to their business. The booklet has two parts: Business Continuity Plans and examination procedures. The first part describes the planning process of creating a Business Continuity Plan, along with the responsibilities of senior management during that process.

The second part describes the technical aspects regarding risk, including assessment, management, testing and monitoring.

Business Continuity Plan

Financial institutions should develop a comprehensive Business Continuity Plan based on the size and complexity of the institution.

The goal of the BCP should be to minimize financial losses to the institution, serve customers and financial markets with minimal disruptions, and mitigate the negative effects of disruptions on business operations. A financial institution’s board and senior management are responsible for the following: Establishing policy by determining how the institution will manage and control identified risks; Allocating knowledgeable personnel and sufficient financial resources to implement the BCP; Ensuring that the BCP is independently reviewed and approved at least annually; Ensuring employees are trained and aware of their roles in the implementation of the BCP; Ensuring the BCP is regularly tested on an enterprise-wide basis; Reviewing the BCP testing program and test results on a regular basis; Ensuring the BCP is continually updated to reflect the current operating environment.

Examination Procedures

The following describes the different aspects of creating and maintaining a Business Continuity Plan. These different topics allow organizations to evaluate the critical aspects of their business and include them in their BCP.

The Business Impact Analysis (BIA) is the first step in the process. It covers all of the critical functions and processes of the business along with the potential disruptions to these different aspects. A Business Impact Analysis report should include: Assessment and prioritization of all business functions and processes, including their interdependencies, as part of a work flow analysis; Identification of the potential impact of business disruptions resulting from uncontrolled, non-specific events on the institution’s business functions and processes; Identification of the legal and regulatory requirements for the institution’s business functions and processes; Estimation of maximum allowable downtime, as well as the acceptable level of losses, associated with the institution’s business functions and processes; Estimation of recovery time objectives (RTOs), recovery point objectives (RPOs), and recovery of the critical path.

Risk Assessment

The risk assessment is the second step in the process of creating a Business Continuity Plan. During the risk assessment step, business processes and the Business Impact Analysis assumptions are evaluated using various threat scenarios. A Risk Assessment should include: Evaluating the BIA assumptions using various threat scenarios; Analyzing threats based upon the impact to the institution, its customers, and the financial market it serves; Prioritizing potential business disruptions based upon their severity, which is determined by their impact on operations and the probability of occurrence; Performing a “gap analysis” that compares the existing BCP to the policies and procedures that should be implemented based on the prioritized disruptions identified and their resulting impact on the institution.
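As an added example (not code from the booklet or from the article), a small Python model of the BIA and risk assessment steps just described: it ranks constructed threat scenarios by severity (probability times impact), follows work-flow interdependencies to get recovery time along the critical path, and runs a gap analysis of tested recovery capability against each function’s RTO and RPO. The probability and impact scales, the sample functions and the parallel-recovery assumption are mine, not the FFIEC’s.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BusinessFunction:
    name: str
    rto_hours: float              # maximum allowable downtime (BIA output)
    rpo_hours: float              # acceptable data-loss window (BIA output)
    recovery_hours: float         # what the current plan has been tested to achieve
    backup_interval_hours: float  # current backup cadence
    depends_on: tuple = ()        # upstream functions from the work flow analysis

@dataclass(frozen=True)
class ThreatScenario:
    name: str
    probability: float            # assumed annual likelihood, 0..1
    impact: int                   # assumed scale: 1 (minor) .. 5 (severe)

def severity(scenario):
    # Severity as the booklet defines it: impact weighted by probability of occurrence.
    return scenario.probability * scenario.impact

def prioritize(scenarios):
    # Order potential disruptions from most to least severe.
    return sorted(scenarios, key=severity, reverse=True)

def effective_recovery(functions, name):
    # Critical-path recovery: a function is unusable until every dependency is back
    # (assumes dependencies recover in parallel, so the slowest one dominates).
    f = functions[name]
    return max([f.recovery_hours] + [effective_recovery(functions, d) for d in f.depends_on])

def gap_analysis(functions):
    # Gap analysis: flag each function whose tested capability misses its RTO or RPO.
    gaps = []
    for f in functions.values():
        actual = effective_recovery(functions, f.name)
        if actual > f.rto_hours:
            gaps.append((f.name, "RTO", actual - f.rto_hours))
        if f.backup_interval_hours > f.rpo_hours:
            gaps.append((f.name, "RPO", f.backup_interval_hours - f.rpo_hours))
    return gaps

# Constructed sample data (all times in hours); not taken from any real institution.
FUNCTIONS = {f.name: f for f in [
    BusinessFunction("Core processor", 6, 1, 6, 0.5),
    BusinessFunction("Wire transfers", 4, 0.25, 2, 1, ("Core processor",)),
    BusinessFunction("Online banking", 8, 1, 6, 0.5, ("Core processor",)),
    BusinessFunction("Statement generation", 72, 24, 48, 24)]}
SCENARIOS = [ThreatScenario("Regional power outage", 0.30, 3), ThreatScenario("Data center fire", 0.02, 5),
             ThreatScenario("Core processor vendor outage", 0.15, 4), ThreatScenario("Pandemic staffing loss", 0.10, 4)]
```

Note that "Wire transfers" alone recovers in 2 hours but misses its 4-hour RTO because the core processor it depends on takes 6; that is the kind of interdependency the work flow analysis is meant to surface.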


Risk Management

Risk Management is the process of identifying, assessing and reducing risk to an acceptable level through a proper Business Continuity Plan. The BCP should be: Based on a comprehensive BIA and risk assessment; Documented in a written program; Reviewed and approved by the board and senior management at least annually; Disseminated to financial institution employees; Properly managed when the maintenance and development of the BCP is outsourced to a third party; Specific regarding what conditions should prompt implementation of the plan and the process for invoking the BCP; Specific regarding what immediate steps should be taken during a disruption; Flexible to respond to unanticipated threat scenarios and changing internal conditions; Focused on the impact of various threats that could potentially disrupt operations rather than on specific events; Developed based on valid assumptions and an analysis of interdependencies; Effective in minimizing service disruptions.

Risk Monitoring and Testing

Risk monitoring and testing is the final step in the business continuity planning process. Risk monitoring and testing ensures that the institution’s business continuity planning process remains viable through the: Incorporation of the BIA and risk assessment into the BCP and testing program; Development of an enterprise-wide testing program; Assignment of roles and responsibilities for implementation of the testing program; Completion of annual, or more frequent, tests of the BCP; Evaluation of the testing program and the test results by senior management and the board; Assessment of the testing program and test results by an independent party; Revision of the BCP and testing program based upon changes in business operations, audit and examination recommendations, and test results.

Closing Thoughts

The examination procedures listed above are intended to be a cyclical process. The Business Continuity Plan is an ongoing process that needs to be updated as events occur. As an organization’s risk testing and monitoring detects changes in the company, a new Risk Assessment phase should occur to evaluate the impact of the changes and modify the Business Continuity Plan as needed.

With a strong background in computer security and great interest in current trends, Tom enjoys writing on security related topics. His recent research includes rootkit detection and advanced steganography methods, and his thesis work relates to network traffic analysis and reporting.

Tom also spent three years as an ASP.


Thomas Donchez, Contributing Writer.