1. Review the Business Continuity Plan sections of the FFIEC IT Handbook InfoBase website to be aware of the latest regulatory guidelines.
2. Review your Business Continuity Plan (BCP):
Verify that the phone numbers in your Business Continuity Plan are up-to-date. Some examples include: utility vendors, core processor, phone vendors, network vendors, and disaster recovery specialists to assist in recovery.
3. Spend one hour reviewing what you would do if a disaster were to strike tomorrow. For example, answer these questions:
4. Physically conduct an inspection of critical infrastructure areas:
5. Validate these questions for the dependencies for data recovery and define and address the processes. For example:
6. Check that you have a complete inventory of all critical data equipment, including servers, workstations, and peripherals.
7. Make sure you have an up-to-date, off-site schematic diagram of your technology operations. If not, assign someone to get it completed. Schematics are used more and more to display complex networks; having one available when disaster strikes will allow your institution to focus on recovery rather than figuring out what you had on the network.
8. Review your DR program to determine the minimum people, processes, and equipment that you need to provide your most critical services. Make sure all Recovery Time Objectives can be met.
9. Understand your business interruption insurance and what is covered. Business interruption insurance has been a risk mitigation strategy for a number of years. In today's economic climate it is important to know what is covered by the insurance provider and what is the institution's responsibility.
10. Schedule a comprehensive test. Preparation is the most important part of the business continuity and disaster recovery process, and the best way to prepare is through comprehensive testing. Remember to document the results of your test, and update your Business Impact Analysis, Risk Assessment, and overall DR/BCP accordingly.
Zach Duke, Executive Vice President of Business Development, directs all areas of the Account Management and Sales Departments of Safe Systems, Inc. , which has been assisting financial institutions in disaster recovery planning for over 17 years.