Moving production and disaster recovery securely into the cloud.
Don Stewart, MBCP, MBCI, CCP

TOPIC OUTLINE
- What are the opportunities?
- Why do we care?
- How can we embrace best practices?
- Who should participate?
- Presentation will be posted

WHAT?
- BCP vs DRP
- Vendor Mgmt. as it relates to the BCP
- Methodologies and tools
- Our goal is to provide clear direction and opportunities

THE DIFFERENCE BETWEEN DR & BCP
- DR is what IT and Facilities does
- DRP (Disaster Recovery Programs)
- The rest of us do Continuity of Service to our Members
- Crosswalks (BIA, DRP, Risk, Vendor Mgmt.)
- BCP (Business Continuity Program)
- Enterprise Continuity

VENDOR MANAGEMENT & BCP
- Duplicate Vendor information
- Line staff
- Managers
- Accounts Payable
- Compliance or?
- Huge opportunity to merge/share

METHODOLOGIES
- Notebook, business cards, post-it notes
- Word/Excel/Access
- Shared or Public Lists in Outlook
- Dedicated Vendor Mgmt. Applications
- SharePoint
- Start simple!
- Feel the need to wrap your arms around a project before starting?

WHY?
- Regulatory compliance
- Critical Member services
- Reputation Risk
- Continuity of Service to our Members no matter what happens!

REGULATORY COMPLIANCE
- HIPAA
- FFIEC
- NCUA
- Complete list of DR/BCP regulations: http://www.drj.com/resources/tools/dr-rulesand-regulations.html

CRITICAL MEMBER SERVICES
- We are outsourcing more and more
- Many interdependencies
- Network and Internet
- ATMs, Shared Branch, Online Banking, Mobile Mortgage, Indirect, Cards
- Contractors, Cleaning, Maintenance Support, Temp Hires, Consultants
- Member data?!?

REPUTATION RISK
- Most significant potential risk we face
- Your Members only see you
- Vendor issues are yours
- Response time, method, and message are critical, keep it simple
- Executive recognition is key

REPUTATION RISK
- Source: FIA tool

HOW?
- Tools - eliminate duplication of effort
- Merge (Contact Lists, Vendor Mgmt., DR, & BCP)
- Must be easy to use AND customize
- Training, development, and support
- Here is how we do it

DEPARTMENT LEVEL
- Connect to Outlook
- Have your team connect to Outlook
- Everyone in dept. is using the same list
- Vendor list backup (sync) is immediate

COLLATING DEPT. VENDORS
- Sync the dept. information forward

VENDOR MANAGEMENT

CONTINUOUS IMPROVEMENT
- Align Vendor Mgmt. requirements with FFIEC handbook and NCUA examiners
- Use same database for Accts. Payable
- Align tools with Risk Management
- Establish crosswalk to the BIA
- Provide IT with outcomes
- Monitor the IT/DR Program

WHO?
- Feel like there is a target on your back?
- Embrace opportunity to create win-win
- Accept continuous improvement
- Checklist (FFIEC, NCUA, & Best Practices)
- DR Exercises
- Think Opportunity!

CHECKLIST
- FFIEC handbook provides base list
- NCUA examiners add specifics
- Best Practices
- Common sense
- Constant change
- Reputation Risk

DR EXERCISE
- The BIA identified criticality & RPO
- IT establishes priorities & dependencies
- Outcomes protect or assign risk
- Include vendors in your Exercise(s)
- Ask to participate in theirs
- Think Opportunity!

DR EXERCISE - LESSONS
- At least a couple vendors in each
- Vendor connectivity can be separate
- Ping is adequate for basic
- Plan carefully before doing live
- Live switch should be a goal
- Exercise, Exercise, Exercise

DR EXERCISE - LESSONS
- Alternate connectivity (eliminate single point)
- Do failure tests on alternates!
- Repeat test with change/update
- Record issues, opportunities, gaps, and action plans (sufficiency of controls, mitigation plan, residual threat, action plan)
- Project Management

SEIZE THE OPPORTUNITY!
- Vendor issues/outages are common
- Human error is THE most common Disaster (but this applies to vendors also!)
- Tie all these basics together
- Start simple and grow
- Synergy

CONTINUITY OF SERVICE TO THE MEMBER NO MATTER WHAT HAPPENS!
Questions & Discussion
Don Stewart, MBCP, MBCI, CCP
dstewart@ongoingoperations.com
541-231-9255