Disaster Recovery and Business Continuity Ensuring Member Service in Times of Crisis.
-
Upload
simon-craig -
Category
Documents
-
view
217 -
download
1
Transcript of Disaster Recovery and Business Continuity Ensuring Member Service in Times of Crisis.
Agenda
• Why have a plan?
• Objectives of a plan
• Key ingredients of a plan
• Using a Business Impact Analysis to customize your plan
• CU*Answers’ plan and your responsibilities
Why Have a Plan?
• Because you have to!– NCUA Letter 01-CU-21
• A process of establishing strategies to minimize disruptions of service to the CU and its members, to minimize financial loss, and to ensure timely resumption of operations in the event of a disaster.
Increasing Regulator Scrutiny
• NCUA• OFIS
– Plans should include regional disasters– What happens if you can’t return to
your main site?– Include replacement IT equipment– Include replacement of
communications circuits– Don’t forget your PEOPLE!
Plan Objectives
• Must be written and approved by the board
• Management has analyzed and assessed potential risks and established priorities
• A hot site is available and fully functional in an emergency
• Written agreements exist with hot-site management– Reciprocal agreement with CU
Plan Objectives
• Plan is tested at least annually– Test is documented and reviewed by
management
• Plan is revised as necessary to address changes in operations and resolve problems with testing
• Show that management has implemented protective measures against disruptions
Plan Ingredients
1. Identify Critical Systems and Services
2. Perform a Business Impact Analysis
3. Create a Contingency Plan
4. Validate the Plan (test)
5. Communication of Plan and Events to Staff and Board
Business Impact Analysis
• How can you plan for an event if you don’t know the likely impacts on your business?
• What are the degrees of potential loss and how much should be spent to mitigate those losses?– Loss of communications– Loss of branch/teller line– Loss off access to greater world (ATMs,
Shared Branching, etc.)
CU*Answers’ Plan
• Core system recovery
• Connectivity to the World– ATM Switches, Credit Bureaus,
Shared Branching, etc.– Funds available where your members
are (grocery store, etc.)
• Connectivity to your Branches
CU*Answers’ Plan
• Addresses recovery and resumption of CU*Answers’ core businesses– CU*BASE– CU*@HOME– CU*TALK– CU*SPY
• Recovery of communications lines to credit unions
CU*Answers’ Plan
• Addresses recovery of connections to the world– ATM switch connectivity– FED– Credit Bureaus– Other important third party
relationships
CU*Answers’ Plan
• Two phase plan– Redundant facilities provide business
continuity• 44th Street production center• 28th Street HA site and business offices• High Availability
– Already performing rolls between facilities
• Communications Redundancy– To Credit Unions (coming EOY 2006)– To Third Parties (already underway)– To the Internet (coming EOY 2006)
CU*Answers’ Plan
• Two phase plan– Hot Site relationship provides disaster
recovery• Annual testing • Full iSeries recovery • Recovery of communications to online CUs• Recovery of firewall• Recovery of secure FTP server for critical file
transmissions• This year added testing of recovery of ATM switch
(Metavante)
– Hot Site keeps us going while new production facilities are brought online
CU*Answers’ Plan
• Define plan scope• Define incident levels
– Framework for response and recovery• Disaster Recovery Plan
– The building is gone – what do you do?– Objectives– Synopsis– Staffing considerations– Hot site activation
• Notification and escalation procedures• Team roles and composition• Testing
CU*Answers’ Plan
• Business Recovery Plan– Recovering normal business operations at a
temporary facility– Objectives and scope– Notifications and Escalations– Recovery centers– Team composition and responsibilities
• Business Resumption Plan– Getting back to normal– Insurance– Facilities– Relocation teams
CU*Answers’ Plan
• Does NOT cover recovery of credit union operations occurring as the result of a disaster at the credit union– Loss of facilities– Loss of personnel– Loss of computers– Loss of communications circuits
Your Plan Should Include
• Recovery of operations at alternate site– Communications to CU*Answers at alternate
site– Written agreements with alternate site
providers• Recovery of computers and network
– Local backups• Loss of key personnel• Connectivity to the world
– Be where your members are shopping• Record of test events and results of tests
CU*Answers and WESCO NET Resources
• Getting help:– CU*Answers publishes their disaster
recovery guide and test results on CD-ROM• Use as a template for your own plan• Incorporate our responses into your plan• Provide our plan to your examiner• Contact Dave Wordhouse for a copy
– WESCO Net offers disaster recovery and business continuity planning services for credit unions. Contact Randy Brinks or Joe Couture.