Minimizing the impact of disruptions of any kind, whether natural, man-made, or cyber, should be a priority when it comes to the overall security of your institution. But how do you know if you’ve checked off all the important boxes?
A compliant and successful business continuity plan has the following components: Risk management (Business Impact Analysis, Risk/Threat Assessment); continuity strategies (Interdependency Resilience, Continuity, and Recovery); training and testing (aka Exercises); maintenance and improvement; and board reporting. In addition, the expanded FFIEC BCM IT Examination Handbook calls for all “entities” to rethink their approach to business continuity and be prepared to make appropriate plan revisions to meet these expectations.
To comply with regulatory requirements, it is important for institutions not only to understand the BCM process but also to take an enterprise-wide, process-oriented approach. That approach must cover the technology, business operations, testing, and communication strategies that are critical to business continuity management for the entire organization, not just the information technology department. It seems like a lot, but the risks an institution faces by not having a compliant and effective plan in place can be even more costly.
Don’t know where to start? We’ve developed a blog that walks you through the key requirements of BCMP, provides insight into the new guidance and the specific changes you may need to make to meet these expectations, and helps you ultimately determine what to include in the plan. View the original blog post here.