Don Stewart, MBCP, MBCI, CCP

Transcription

1 Moving production and disaster recovery securely into the cloud. Don Stewart, MBCP, MBCI, CCP

2 TOPIC OUTLINE What are the opportunities? Why do we care? How can we embrace best practices? Who should participate? Presentation will be posted

3 WHAT? BCP vs DRP Vendor Mgmt. as it relates to the BCP Methodologies and tools Our goal is to provide clear direction and opportunities

4 THE DIFFERENCE BETWEEN DR & BCP DR is what IT and Facilities does DRP (Disaster Recovery Programs) The rest of us do Continuity of Service to our Members Crosswalks (BIA, DRP, Risk, Vendor Mgmt.) BCP (Business Continuity Program) Enterprise Continuity

5 VENDOR MANAGEMENT & BCP Duplicate Vendor information Line staff Managers Accounts Payable Compliance or? Huge opportunity to merge/share

6 METHODOLOGIES Notebook, business cards, post-it notes Word/Excel/Access Shared or Public Lists in Outlook Dedicated Vendor Mgmt. Applications SharePoint Start simple! Feel the need to wrap your arms around a project before starting?

7 WHY? Regulatory compliance Critical Member services Reputation Risk Continuity of Service to our Members no matter what happens!

8 REGULATORY COMPLIANCE HIPPA FFIEC NCUA Complete list of DR/BCP regulations

9 CRITICAL MEMBER SERVICES We are outsourcing more and more Many interdependencies Network and Internet ATMs, Shared Branch, Online Banking, Mobile Mortgage, Indirect, Cards Contractors, Cleaning, Maintenance Support, Temp Hires, Consultants Member data?!?

10 REPUTATION RISK Most significant potential risk we face Your Members only see you Vendor issues are yours Response time, method, and message are critical, keep it simple Executive recognition is key

11 REPUTATION RISK Source: FIA tool

12 REPUTATION RISK Source: FIA tool

13 HOW? Tools - eliminate duplication of effort Merge (Contact Lists, Vendor Mgmt., DR, & BCP) Must be easy to use AND customize Training, development, and support Here is how we do it

14 DEPARTMENT LEVEL Connect to Outlook

15 DEPARTMENT LEVEL Have your team connect to Outlook

16 DEPARTMENT LEVEL Everyone in dept. is using the same list

17 DEPARTMENT LEVEL Vendor list backup (sync) is immediate

18 COLLATING DEPT. VENDORS Sync the dept. information forward

19 VENDOR MANAGEMENT

20 CONTINUOUS IMPROVEMENT Align Vendor Mgmt. requirements with FFIEC handbook and NCUA examiners Use same database for Accts. Payable Align tools with Risk Management Establish crosswalk to the BIA Provide IT with outcomes Monitor the IT/DR Program

21 WHO? Feel like there is a target on your back? Embrace opportunity to create win-win Accept continuous improvement Checklist (FFIEC, NCUA, & Best Practices) DR Exercises Think Opportunity!

22 CHECKLIST FFIEC handbook provides base list NCUA examiners add specifics Best Practices Common sense Constant change Reputation Risk

23 DR EXERCISE The BIA identified criticality & RPO IT establish priorities & dependencies Outcomes protect or assign risk Include vendors in your Exercise(s) Ask to participate in theirs Think Opportunity!

24 DR EXERCISE - LESSONS At least a couple vendors in each Vendor connectivity can be separate Ping is adequate for basic Plan carefully before doing live Live switch should be a goal Exercise, Exercise, Exercise

25 DR EXERCISE - LESSONS Alternate connectivity (eliminate single point) Do failure tests on alternates! Repeat test with change/update Record issues, opportunities, gaps, and action plans (sufficiency of controls, mitigation plan, residual threat, action plan) Project Management

26 SEIZE THE OPPORTUNITY! Vendor issues/outages are common Human error is THE most common Disaster (but this applies to vendors also!) Tie all these basics together Start simple and grow Synergy

27 CONTINUITY OF SERVICE TO THE MEMBER NO MATTER WHAT HAPPENS! Questions & Discussion Don Stewart, MBCP, MBCI, CCP