The PNC Financial Services Group, Inc. Business Continuity Program

Similar documents
The PNC Financial Services Group, Inc. Business Continuity Program

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION

Meeting FFIEC Requirements: Enterprise-Wide Testing of Your. Business Continuity Plan

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY

PBSi Business Continuity Planning

Company Management System. Business Continuity in SIA

Business Continuity Planning Preparing Your Organization

Business Resiliency Business Continuity Management - January 14, 2014

Business Continuity Plan

By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd

Temple university. Auditing a business continuity management BCM. November, 2015

Business Continuity Planning (800)

Assessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC

CISM Certified Information Security Manager

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

Business Continuity Management Framework

Why Should Companies Take a Closer Look at Business Continuity Planning?

External Supplier Control Requirements BCM

Vendor Management. Outsourcing Technology Services

I S O I E C I N F O R M A T I O N S E C U R I T Y A U D I T T O O L

Risk Management of Outsourced Technology Services. November 28, 2000

National Check Payments Certification. Fraud, Risk, and Risk Mitigation Part II. Copyright 2015 by the Electronic Check Clearing House Organization

Principles for BCM requirements for the Dutch financial sector and its providers.

Consultative report. Committee on Payment and Settlement Systems. Board of the International Organization of Securities Commissions

How To Assess A Critical Service Provider

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012

Business Continuity Planning for Risk Reduction

Business Continuity Management

FlyntGroup.com. Enterprise Risk Management and Business Impact Analysis: Understanding, Treating and Monitoring Risk

Business Continuity and Emergency Preparedness Planning. Vandita Zachariah, MA, MBA, CIA HHSC Internal Audit Division May 21, 2010

TO CREDIT UNIONS DATE: June 10, 1998

Business Continuity Management

CONTINUITY OF OPERATIONS AUDIT PROGRAM EVALUATION AND AUDIT

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

Business Continuity and Disaster Recovery Planning

Appendix 3 Disaster Recovery Plan

Business Continuity Standards A Primer

Business Continuity Management Policy

Table of Contents... 1

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

Building and Maintaining a Business Continuity Program

Business Resilience and Risk Management

Coping with a major business disruption. Some practical advice

By: Tracy Hall. Community Bank Auditors Group Taking Your Business Continuity Plan To The Next Level. June 9, 2015

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning MARCH 2003 IT EXAMINATION H ANDBOOK

How To Manage Risk At Atb Financial

Business Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan?

GUIDELINES FOR BUSINESS CONTINUITY IN WHOLESALE MARKETS AND SUPPORT SYSTEMS MARKET SUPERVISION OFFICE. October 2004

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

State Agency Cyber Security Survey v October State Agency Cybersecurity Survey v 3.4

MHA Consulting. Business Continuity Management 101

State of South Carolina Policy Guidance and Training

Business Continuity / Disaster Recovery Context

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

Business Continuity Management Software

FFIEC Cybersecurity Assessment Tool

Business Continuity Trends, Requirements and Expectations in Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting

Business Continuity Management

University of Glasgow. Policy for. Business Continuity Management

Title: Rio Tinto management system

ASTRAZENECA GLOBAL POLICY SAFEGUARDING COMPANY ASSETS AND RESOURCES

Proposal for Business Continuity Plan and Management Review 6 August 2008

Emergency Response and Business Continuity Management Policy

Policy : Enterprise Risk Management Policy

Unit Guide to Business Continuity/Resumption Planning

Business Continuity Policy and Business Continuity Management System

Business Continuity Policy

Business Continuity Management Program Development Guide

IT Service Continuity Management PinkVERIFY

IT Governance. What is it and how to audit it. 21 April 2009

PRACTICAL APPLICATIONS FOR BUSINESS CONTINUITY MANAGEMENT

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS

RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief

CSC AND THE BUSINESS CONTINUITY MATURITY ASSESSMENT PROGRAM

Business Continuity Policy

Business Continuity Management. Policy Statement and Strategy

RBC Business Continuity Management Program Exercising our Plans. BCAW Presentation

Overview TECHIS Manage information security business resilience activities

Business Continuity Planning and Disaster Recovery Planning

MEMORANDUM. Date: October 28, Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance

Business Continuity Management Planning Methodology

BUSINESS CONTINUITY PLANNING

Business Continuity Management Policy

Risk Management & Business Continuity Manual

ORACLE ENTERPRISE GOVERNANCE, RISK, AND COMPLIANCE MANAGER FUSION EDITION

Cybersecurity The role of Internal Audit

Blind spot Banks are increasingly outsourcing more activities to third parties. But they can t outsource the risks.

How to Develop Successful Enterprise Risk and Vendor Management Programs

Domain 1 The Process of Auditing Information Systems

ENTERPRISE RISK MANAGEMENT FRAMEWORK

Global Statement of Business Continuity

Desktop Scenario Self Assessment Exercise Page 1

NOTICE 158 OF 2014 FINANCIAL SERVICES BOARD REGISTRAR OF LONG-TERM INSURANCE AND SHORT-TERM INSURANCE

COMMUNIQUE. Information Technology (IT) Governance Guidance

Business Continuity Planning

Business Continuity at CME Group

How to measure your business resiliency

Jack Henry & Associates, Inc., Monett, Missouri, a technology service provider to

Transcription:

The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1

Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis (BIA) Page 4 Risk Assessments Page 4 Planning and Mitigation Page 4 Recovery Testing Page 5 Risk Monitoring Page 5 Training and Awareness Page 5 Reporting Page 5 D. Crisis Management Page 6 subsidiaries) 2

A. Introduction Business continuity management is a process that identifies potential threats to an organization and the impacts to business operations those threats might cause. It provides a framework for building organizational resiliency and recovery capabilities that enable an effective response that safeguards the interests of key stakeholders, reputation, brand and activities. The PNC Financial Services Group, Inc. s (PNC) Business Continuity Program leads the organization s business continuity activities, which include business and disaster recovery, crisis management, and operational and technology resiliency. The program is based on a defined methodology that is aligned to industry best practices and the Federal Financial Institutions Examination Council (FFIEC) Guidelines. The program methodology has four embedded steps: 1.) Business Impact Analysis prioritization of business recovery and its necessary components based on potential loss implications; 2.) Risk Assessment assessment of the likelihood and potential impact of threats that may lead to a business disruption; 3.) Planning and Mitigation establishment and ongoing maintenance of recovery plans for business processes and their interrelated components; and, 4.) Recovery Testing conducting periodic recovery testing of PNC s critical processes and components. The guiding principles of the program are based on the priority to protect the health and safety of PNC employees, contractors, customers and suppliers. PNC is committed to safeguarding the ongoing availability of PNC products and services through effective business continuity, disaster recovery, and crisis management planning. To that end: PNC develops and maintains a set of Business Continuity (BC) plans, including business, technology, and crisis management plans, administered through an enterprise BC program that considers the prioritization of business objectives and critical operations that are essential for recovery in the case of a disruptive event. The program addresses key aspects of BC including but not limited to: personnel; communications; technology; facilities; suppliers; electronic payment systems; liquidity concerns; financial disbursements; and manual operations; BC plans are updated as appropriate to reflect the current operating environment based on changes in business processes, risk assessments, audit recommendations, and testing results. BC plans are reviewed and approved at least annually by PNC business unit and support function management to determine whether any modifications are necessary in light of changes to operations, structure, business, or location. subsidiaries) 3

B. Governance Model The governance model is designed to provide centralized governance and oversight while enabling business ownership. Centrally managed business continuity guidelines and tools provide for assessment and mitigation of risks and development of resiliency/recovery strategies. Each business segment has an established business continuity team with defined roles and responsibilities to enable consistent business continuity planning and execution across the enterprise. The program integrates a top down direction and governance model through established risk committees, executive management, and clearly defined accountabilities and succession planning across PNC s business units and staff functions. This includes direct engagement of the Board of Directors, Executive Management and the PNC management and staff. Furthermore, a Business Continuity Steering Committee, comprised of functional leaders across the organization, facilitates the ongoing review, prioritization and execution of business continuity strategies and initiatives. C. Program Components PNC prepares for the risk of potential disruptive events based on regulatory guidelines and PNC s understanding of industry standards and practices. The program helps to ensure that both expected and unexpected risks are identified, assessed and appropriately managed through activities designed to mitigate the risk associated with disruptive events and to enable the organization to meet recovery objectives. The program executes on the following life-cycle: Business Impact Analyses (BIA) is performed annually and includes assessment and prioritization of business functions, identification of the legal, regulatory, reputational, and financial impact of business disruptions, estimation of maximum allowable downtime and level of losses, and estimation of recovery time objectives, recovery point objectives and recovery of the critical path. Risk Assessments are conducted and documented to evaluate the BIA assumptions, analyze threats to PNC (including employees and facilities), its customers and markets, prioritize potential business disruptions, and provide a policies and procedures gap analysis. Risk assessments will identify gaps between recovery demands and existing capabilities for technology, facilities, employees and suppliers. Planning and Mitigation is focused on identifying, assessing, and reducing risk to an acceptable level through the development, implementation, and maintenance of a comprehensive BC program and related plans. Plans developed under the program subsidiaries) 4

must be effective in minimizing service disruptions and financial loss and allow for flexibility to respond to unanticipated threat scenarios and changing internal conditions. The plans should be specific regarding what conditions prompt crisis management implementation and the immediate steps to be taken during a disruptive event. Plans will be disseminated and communicated to PNC employees. Recovery Testing is an instrumental part of the methodology to validate the planning requirements identified within the business impact analysis and risks assessment. An enterprise-wide testing and risk monitoring program is maintained for the execution of annual testing sufficient to validate the viability of BC plans. The testing program includes but is not limited to: Verifying defined roles and responsibilities; Establishing the breadth, depth and frequency of testing activities based on process criticality and/or changes to operating environments; Ensuring testing of internal and external parties and supporting systems, processes and resources; Demonstrating the ability of recovery arrangements to sustain the business until permanent operations are established; Documenting and reporting test results; An independent review by a third party; and Identifying gaps as a result of testing and incorporating revisions to the testing program as necessary. Other disciplines with the program include: Risk Monitoring: Monitoring of activities and plans provides assurance that the program is effective and remains viable. Specific BC components that are not aligned with the program are identified and remediation efforts implemented to address such gaps. Reports of risks and activities are produced with the objective of comprehensive and transparent reporting through the governance structure. Training and Awareness: PNC provides business continuity planning awareness via internal meetings with lines of business, executive committee reviews, employee forums, and internal websites. Additionally, training guides have been developed and are maintained online to enhance accessibility for the use of the business continuity planning tools. Reporting: Management reporting, which is an integrated part of PNC s Business Continuity Program, is designed to summarize and highlight resiliency, recovery, and business resumption capabilities for specific businesses and services. It also provides a transparent overview among interdependent business activities. The reporting components are presented in aggregated management reports and provided to executive management and various committees. subsidiaries) 5

D. Crisis Management The Business Continuity Program has established a crisis response capability, including defined crisis teams, crisis plans and standardized processes. PNC has established interfaces to a wide range of agencies, authorities and organizations, to receive incident and event notification allowing for a quick and coordinated crisis response. These steps, which also serve to mitigate and reduce impact to customer services, include: Established crisis management teams which conduct impact assessment, notify critical contacts, escalate to management, and coordinate overall response. Crisis communications that provide notification and impact assessment to employees, customers, regulators, and suppliers. Scenario-based walkthroughs which promote an understanding of crisis response, impact assessment, and resumption capabilities. Testing of crisis management response processes, tools, and resources improving overall reliability of crisis management. subsidiaries) 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information