Disaster Recovery Policy


Organizational Functional Area: Executive Division
Policy for: Bank Disaster Recovery Program
Board Reviewed: September 14, 2011
Department/Individual Responsible for Maintaining/Updating Procedures: Milad Doueihi

REGULATORY RISK ISSUE(S)

The regulatory agencies have alerted all financial institutions to the importance of contingency planning for banking operations, including data processing support, by issuing an interagency statement on this topic. While these procedures address many broad issues, management will be responsible for developing specific emergency and disaster recovery plans, which should keep disruption of operations to a minimum. Failure to address these issues may result in significant risks to the organization, including compliance risk, reputation risk, transaction risk, and strategic risk.

MAJOR PROCEDURAL ELEMENTS

- Description of the bank's emergency procedures established to protect personnel and property during emergencies
- Description of backup considerations
- Guidelines for disaster recovery planning
- Standards for testing the disaster recovery plan

These areas are covered extensively in the Disaster Recovery Procedural Manual. The Manual is on-site at the Main Bank and copies are distributed on disk to all committee members and also at our Northpoint location, where the Disaster Recovery site resides.

OTHER RISK CONSIDERATIONS

In addition to banking operations, there are other significant elements to consider, including:

- External data processing disaster recovery planning
- Financial institution operational disaster recovery planning
- Customer service support
- Affiliate/holding company support (if appropriate)

STATEMENT OF NEEDS AND PURPOSE

The board of directors and senior management of South Side Trust & Savings Bank recognize the need to establish comprehensive emergency and disaster recovery procedures and plans to protect employees during emergencies and to provide for the continuity of operations. Furthermore, the purpose of these procedures is to ensure that the organization is operating under established guidelines to assure the support for the safety and soundness of all financial institution operations as well as the protection of bank staff and assets. It is very important that senior management be informed of all bank disaster recovery plans, procedures, and guidelines.

SPECIFIC GOALS

- Establish overall authority and responsibility in the development, implementation, and maintenance of the disaster recovery program including recovery and business resumption procedures and plans, and related testing.
- Provide a written reference that can be updated.
- Document specific planned backup initiatives.
- Outline strategies for disaster recovery efforts and business resumption.
- Establish requirements for periodic testing of the adequacy of the recovery plans.

ELEMENTS

Authority

Senior Management will approve the selection of a Disaster Recovery Coordinator who is already an officer of the bank and whose responsibilities will be balanced with that of managing the disaster recovery function.

To assist the Disaster Recovery Coordinator, management authorizes the Disaster Recovery Coordinator to select a Disaster Recovery Committee to assist in the design, development, drafting, and finalization of a formal disaster recovery program. The Disaster Recovery Committee will assist in the development of the program as well as provide ongoing management of the process, including implementing the program and serving in a leadership role during a disaster. The Disaster Recovery Coordinator will serve as chairperson and primary contact. At least three members of this committee shall be managing officers of the bank and shall also serve as designated Disaster Recovery Committee leaders per the disaster recovery plan. (See Attachment A for a list of committee members.)

Responsibility

The Disaster Recovery Committee shall be centered on developing a proactive document; it is important that each department or functional area provide input, be encouraged to participate in a forum for discussing contingency planning and disaster recovery issues, and understand the ownership that each department or functional area has in the ultimate program.

The Disaster Recovery Committee will meet as needed to accomplish the following:

1. Determine any needed changes to the program and report them to management.
2. Review, discuss, and as appropriate, act upon comments and recommendations provided by various departments.
3. Provide, on no less than an annual basis, a review of the existing program; provide copies of plan revisions for director review; and report on testing efforts and training initiatives.
4. Update, as necessary, procedures to relocate at the off-site location and assure the necessary supplies are in storage at that location.
5. Assure management that all necessary media are backed up and stored off-site to enable reconstruction of all files presently used by the bank.

Committee members are responsible for ensuring that all employees understand their individual obligations in this regard; the Disaster Recovery Committee must implement guidelines and procedures, and practice to enforce these consistently. South Side Bank management will be required to assist in implementing an ongoing training program to ensure cross-training of employees to reduce or eliminate the threat of loss that arises from the absence of key personnel.

The Disaster Recovery Committee must be provided with information on an ongoing basis regarding equipment acquisitions, personnel changes, and off-site preparation in order to update the plan. The committee also will be responsible for establishing long-term goals for their objectives and making sure they are implemented. If the committee follows the guidelines set forth in the policy, it should be able to ensure the bank is operating in a safe manner.

During this period, the Disaster Recovery Committee will talk with each department or functional area to:

1. Discuss and recommend needed changes in contingency planning procedures, forms, etc.
2. Provide Senior Management with an annual statement of the disaster recovery program from a department or functional area perspective. The comments will include all areas of concern, including contingency plan testing related to information services, training, location of contingency planning manuals at the bank, and backup site support.

Other ongoing responsibilities of the Disaster Recovery Committee include:

1. Continue to provide feedback and reminders to all senior bank management, as necessary, to relocate to the off-site location all critical documents, forms, procedures, data, etc. and to assure the necessary supplies are in storage at that location.
2. Inform respective management teams regarding aspects of the disaster recovery program.

Services

In the event of an area-wide disaster, the bank may offer certain free services to customers and noncustomers to help in the recovery process.

Office Locations

If one or more offices are severely damaged and not available for banking business within five business days, the Disaster Recovery Coordinator, in cooperation with other team members, will estimate the length of office closure and the timeline for setting up a temporary office, and will evaluate the cost/benefits. Media will be used to redirect customers to other convenient locations.

Employee Support

The bank will also assist employees to help ease the stress of working through a disaster. This will be assessed at the time of the disaster in accordance with the extent of damage.

Training

All senior management, managers, and staff are required to receive periodic training regarding disaster recovery procedures within their appropriate location or department. The Branch and/or Department will be responsible for emergency procedures review with their employees at least annually.

Risk Management

In addressing disaster recovery planning risks, South Side Bank's senior management must be aware of the potential risks that may arise. Disruption to operations, whether due to internal problems (e.g., a fire) or external problems (e.g., loss of power due to storm damage), impacts the organization both in the short term and in the future. Different types of emergency and disaster issues should be considered, and appropriate types of planning should be performed. Various risks need to be evaluated. These risks, and their related management techniques, include:

Compliance Risk. Maintaining legal compliance with various appropriate regulations as well as compliance with the organization's emergency and disaster recovery program.

Transaction Risk. Impacting earnings or capital due to problems with service or product delivery. Transaction (or operational) risk occurs in the delivery of all products and services. It may be assessed through consideration of all operational aspects including data input, data processing, and data output. People, equipment, forms, data files, and other significant elements of data processing to ensure the restoration of data processing within a short time frame are critical to customers of the organization and the viability of the institution.

Strategic Risk. Addressing the potential adverse business impact to the organization, both internally and externally, that may occur if the institution is unable to restore data processing operations and related functions within an acceptable time frame. If the strategic risks related to data processing disaster recovery are not understood, addressed, and managed in terms of preparedness, the institution may not be able in the short term to address the risks and related solutions, resulting in economic and market losses.

Reputation Risk. Retaining marketplace confidence by handling customers' financial transactions in an appropriate manner and within an acceptable time frame, after a disaster, as well as meeting the emerging needs of the customer base and community are important to protecting the safety and soundness of the institution.

Other Risk Considerations

After review of internal issues, management has concluded that the following represent procedural considerations that could represent risk to one or more areas of the bank's main office or a branch.

Fire / Tornado / Electrical

South Side Bank has established various functional area, branch office, and department emergency procedures to provide for the protection of personnel and property during an emergency. The safety of all personnel is first and foremost in any emergency.

Following the initial review to assure all personnel are safe, the security of the premises, protection of assets and information, and if necessary, removal of any critical, nonreplaceable materials should be considered in an emergency. Emergency phone numbers for key functional area/branch office/department personnel are maintained in the disaster recovery procedure manual.

Backup Considerations

Disaster recovery planning and procedures for South Side Bank shall include backup plans for key elements within each department/branch and contingency plans or strategies for recovery of operations. The Disaster Recovery Committee has specific responsibilities for developing, implementing, and maintaining the disaster recovery program, including the plan and related disaster recovery procedures. The South Side Bank has made provisions for backup related to hardware, programs, documentation, procedures, and data files. This is described further in the Disaster Recovery Procedures Manual.

Standards for Testing Disaster Recovery Plan

An annual test of the disaster recovery program is required. Segments of this test process are staged throughout the year to minimize disruption and yet facilitate testing of the disaster recovery program, plan, and procedures. General objectives for the test include determining the overall feasibility of the recovery strategies, verifying compatibility of backup systems and facilities, identifying deficiencies in the plan, providing training for employees involved in disaster recovery, and providing a mechanism for maintaining and updating the plan.

Procedures Manual

South Side Bank has developed an extensive disaster recovery procedural manual detailing every aspect of a possible disaster.

Attachment A

List of Committee Members

Disaster Recovery Committee Members

1. Chief Information Officer
2. Data Processing Officer
3. Deposit Operations Officer
4. Electronic Banking Officer
5. BSA Officer
6. Branch Manager
7. Loan Officer
8. Senior Management
9. Trust Officer