News & Commentary

03:10 PM
Zach Duke, Safe Systems
Zach Duke, Safe Systems
Commentary
50%
50%

10 Things You Should Do Today to Minimize the Impact of a Disaster

In the aftermath of Hurricane Irene, it's never too late to review and implement these 10 business continuity best practices.

1. Review the Business Continuity Plan sections of the FFIEC IT Handbook InfoBase website to be aware of the latest regulatory guidelines.

2. Review your Business Continuity Plan (BCP):

  • Is it current (based on current infrastructure, personnel, etc)?
  • Is it compliant with current guidelines? Would it pass an audit or examination?
  • Have all key personnel been trained?
  • Has testing been performed within the past 12 months?
  • Verify that the phone numbers in your Business Continuity Plan are up-to-date. Some examples include: utility vendors, core processor, phone vendors, network vendors, and disaster recovery specialists to assist in recovery.

    3. Spend one hour reviewing what you would do if a disaster were to strike tomorrow. For example, answer these questions:

  • Who would manage the disaster recovery process (refer to your DR program, management committees section)?
  • Where would you get suitable replacement servers, teller terminals, and other essential equipment?
  • What resources could you assign to the recovery process (knowledgeable staff, contractors)?
  • Define where your customers are going to go when you have a disaster -- a physical facility where customers will be able to perform retail transactions including deposits, receive cash, and open accounts is critical to your customer-facing services.

    4. Physically conduct an inspection of critical infrastructure areas:

  • Are there unnecessary risks (i.e. fire hazards, fire sprinkler systems in the wrong position or the wrong type)?
  • Check that your daily data backups are completing successfully, and periodically test your ability to restore.
  • Check that all data backup tapes are where they should be (i.e. in a safe, remote storage location, etc.).
  • 5. Validate these questions for the dependencies for data recovery and define and address the processes. For example:

  • What data is necessary for recovery of your most critical business processes?
  • If physical media is used, what type of tape drive is needed? Do you have one available of the exact same configuration?
  • What is the encryption password? Is this stored at another location?
  • What hardware is necessary for recovery of your most critical business processes? What server(s) will the data be restored to? Does this hardware have enough horsepower to run the applications?
  • Do you have the ability to restore your Active Directory, maintaining user authentication capabilities?
  • What version of backup software are you running? Is the software available offsite?
  • If you are using remote data backup, do you have a redundant Internet connection?
  • 6. Check that you have a complete inventory of all critical data equipment, including servers, workstations, and peripherals.

    7. Make sure you have an up-to-date, off-site schematic diagram of your technology operations. If not, assign someone to get it completed. Schematics are used more and more to display complex networks; having one available when disaster strikes will allow your institution to focus on recovery rather than figuring out what you had on the network.

    8. Review your DR program to determine the minimum people, processes, and equipment that you need to provide your most critical services. Make sure all Recovery Time Objectives can be met.

    9. Understand your business interruption insurance and what is covered. Business interruption insurance has been a risk mitigation strategy for a number of years. In today's economic climate it is important to know what is covered by the insurance provider and what is the institution's responsibility.

    10. Schedule a comprehensive test. Preparation is the most important part of the business continuity and disaster recovery process, and the best way to prepare is through comprehensive testing. Remember to document the results of your test, and update your Business Impact Analysis, Risk Assessment, and overall DR/BCP accordingly.

    Zach Duke, Executive Vice President of Business Development, directs all areas of the Account Management and Sales Departments of Safe Systems, Inc. , which has been assisting financial institutions in disaster recovery planning for over 17 years.

    Comment  | 
    Print  | 
    More Insights
    Register for Bank Systems & Technology Newsletters
    White Papers
    Current Issue
    Bank Systems & Technology Dec. 2, 2014
    BS&T's 2014 Elite 8 executives are leading their banks to success, whether it involves leveraging the cloud, modernizing core systems, or transforming into digital enterprises.
    Slideshows
    Video
    Bank Systems & Technology Radio
    Archived Audio Interviews
    Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.