1 / 19

Disaster Recovery and Business Continuity

Disaster Recovery and Business Continuity. Ensuring Member Service in Times of Crisis. Agenda. Why have a plan? Objectives of a plan Key ingredients of a plan Using a Business Impact Analysis to customize your plan CU*Answers’ plan and your responsibilities. Sources of Disaster.

lynton
Download Presentation

Disaster Recovery and Business Continuity

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Disaster Recovery and Business Continuity Ensuring Member Service in Times of Crisis

  2. Agenda • Why have a plan? • Objectives of a plan • Key ingredients of a plan • Using a Business Impact Analysis to customize your plan • CU*Answers’ plan and your responsibilities

  3. Sources of Disaster • Events can be: • Natural • Technical • Human

  4. Why Have a Plan? • Because you have to! • NCUA Letter 01-CU-21 • A process of establishing strategies to minimize disruptions of service to the CU and its members, to minimize financial loss, and to ensure timely resumption of operations in the event of a disaster.

  5. Increasing Regulator Scrutiny • NCUA • OFIS • Plans should include regional disasters • What happens if you can’t return to your main site? • Include replacement IT equipment • Include replacement of communications circuits • Don’t forget your PEOPLE!

  6. Plan Objectives • Must be written and approved by the board • Management has analyzed and assessed potential risks and established priorities • A hot site is available and fully functional in an emergency • Written agreements exist with hot-site management • Reciprocal agreement with CU

  7. Plan Objectives • Plan is tested at least annually • Test is documented and reviewed by management • Plan is revised as necessary to address changes in operations and resolve problems with testing • Show that management has implemented protective measures against disruptions

  8. Plan Ingredients • Identify Critical Systems and Services • Perform a Business Impact Analysis • Create a Contingency Plan • Validate the Plan (test) • Communication of Plan and Events to Staff and Board

  9. Business Impact Analysis • How can you plan for an event if you don’t know the likely impacts on your business? • What are the degrees of potential loss and how much should be spent to mitigate those losses? • Loss of communications • Loss of branch/teller line • Loss off access to greater world (ATMs, Shared Branching, etc.)

  10. CU*Answers’ Plan • Core system recovery • Connectivity to the World • ATM Switches, Credit Bureaus, Shared Branching, etc. • Funds available where your members are (grocery store, etc.) • Connectivity to your Branches

  11. CU*Answers’ Plan • Addresses recovery and resumption of CU*Answers’ core businesses • CU*BASE • CU*@HOME • CU*TALK • CU*SPY • Recovery of communications lines to credit unions

  12. CU*Answers’ Plan • Addresses recovery of connections to the world • ATM switch connectivity • FED • Credit Bureaus • Other important third party relationships

  13. CU*Answers’ Plan • Two phase plan • Redundant facilities provide business continuity • 44th Street production center • 28th Street HA site and business offices • High Availability • Already performing rolls between facilities • Communications Redundancy • To Credit Unions (coming EOY 2006) • To Third Parties (already underway) • To the Internet (coming EOY 2006)

  14. CU*Answers’ Plan • Two phase plan • Hot Site relationship provides disaster recovery • Annual testing • Full iSeries recovery • Recovery of communications to online CUs • Recovery of firewall • Recovery of secure FTP server for critical file transmissions • This year added testing of recovery of ATM switch (Metavante) • Hot Site keeps us going while new production facilities are brought online

  15. CU*Answers’ Plan • Define plan scope • Define incident levels • Framework for response and recovery • Disaster Recovery Plan • The building is gone – what do you do? • Objectives • Synopsis • Staffing considerations • Hot site activation • Notification and escalation procedures • Team roles and composition • Testing

  16. CU*Answers’ Plan • Business Recovery Plan • Recovering normal business operations at a temporary facility • Objectives and scope • Notifications and Escalations • Recovery centers • Team composition and responsibilities • Business Resumption Plan • Getting back to normal • Insurance • Facilities • Relocation teams

  17. CU*Answers’ Plan • Does NOT cover recovery of credit union operations occurring as the result of a disaster at the credit union • Loss of facilities • Loss of personnel • Loss of computers • Loss of communications circuits

  18. Your Plan Should Include • Recovery of operations at alternate site • Communications to CU*Answers at alternate site • Written agreements with alternate site providers • Recovery of computers and network • Local backups • Loss of key personnel • Connectivity to the world • Be where your members are shopping • Record of test events and results of tests

  19. CU*Answers and WESCO NET Resources • Getting help: • CU*Answers publishes their disaster recovery guide and test results on CD-ROM • Use as a template for your own plan • Incorporate our responses into your plan • Provide our plan to your examiner • Contact Dave Wordhouse for a copy • WESCO Net offers disaster recovery and business continuity planning services for credit unions. Contact Randy Brinks or Joe Couture.

More Related