The Federal Financial Institutions Examination Council (FFIEC) recently released an updated version of its Business Continuity Booklet. OCC Bulletin announced that the FFIEC has released appendix J to the “Business Continuity Planning” booklet of the FFIEC. The Federal Financial Institutions Examination Council (FFIEC) released an updated Business Continuity Planning Booklet (booklet), which.
|Published (Last):||3 December 2008|
Critical markets include, but may not be limited to, the markets for federal funds; foreign exchange; commercial paper; and government, corporate, and mortgage-backed securities. The BCP should be updated based on changes in business processes, audit recommendations, and lessons learned from testing. Evaluating the BIA assumptions using various threat scenarios; Analyzing threats based upon the impact to the institution, its customers, and the financial market it serves; Prioritizing potential business disruptions based upon their severity, which is determined by their impact on operations and the probability of occurrence; Performing a “gap analysis” that compares the existing BCP to the policies and procedures that should be implemented based on prioritized disruptions identified and their resulting impact on the institution.
Business continuity planning includes the integration of the institution’s role in financial markets.
The business continuity planning process involves the recovery, resumption, and maintenance of the entire business, not just the technology component. These technological advances underscore the importance of maintaining a current, enterprise-wide BCP. Focused on the impact of various threats that could potentially disrupt operations rather than on specific events.
Assessment and prioritization of all business functions and processes, including their interdependencies, as part of a work flow analysis.
FFIEC IT Examination Handbook InfoBase – Business Continuity Planning Process
Since these organizations participate in one or more critical financial markets and their failure to perform critical activities by the end of the business day could present systemic risk to financial systems, their role in financial markets should be addressed as part of the business continuity planning process.
As an organization’s risk testing and monitoring detects changes in the company, a new Risk Assessment phase should occur to evaluate the impact of the changes and modify the Business Continuity Plan as needed.
Risk monitoring and testing ensures that the institution’s business continuity planning process remains viable through the:
Identification of the legal and regulatory requirements for the institution’s business functions and processes. Estimation of maximum allowable downtime, as well as the acceptable level of losses, associated with the institution’s business functions and processes.
This process-oriented approach will be discussed in the first part of the booklet, with additional information included in the appendices.
Business Continuity/Disaster Recovery: Executive Summary of FFIEC IT Examination Handbook
Incorporation of the BIA and risk assessment into the BCP and testing program; Development of an enterprise-wide testing program; Assignment of roles and responsibilities for implementation of the testing program; Completion of annual, or more frequent, tests of the BCP; Evaluation of the testing program and the test results by senior management and the board; Assessment of the testing program and test results by an independent party; Revision of the BCP and testing program based upon changes in business operations, audit and examination recommendations, and test results.
A financial institution’s business continuity planning process should reflect the following objectives:
Closing Thoughts: The above listed examination procedures are intended to be a cyclical process.
Establishing policy by determining how the institution will manage and control identified risks; Allocating knowledgeable personnel and sufficient financial resources to implement the BCP; Ensuring that the BCP is independently reviewed and approved at least annually; Ensuring employees are trained and aware of their roles in the implementation of the BCP; Ensuring the BCP is regularly tested on an enterprise-wide basis; Reviewing the BCP testing program and test results on a regular basis; Ensuring the BCP is continually updated to reflect the current operating environment.
Flexible to respond to unanticipated threat scenarios and changing internal conditions. Specific regarding what conditions should prompt implementation of the plan and the process for invoking the BCP. The four steps in this process include:
Business Continuity Planning