Banks Name

Business Continuity Plan Training

General Information

 What is a Business Continuity Plan?

 Business Continuity Plan (BCP)
 A plan created to restore critical functions after a
disaster
 A plan that allows the institution to recover from a
variety of disaster
 A plan that outlines all the critical functions of an
institution
General Information

 Clarification of the term

 BCP is referred to as a
 Business Continuity Plan
 Business Continuation Plan
 Disaster Recovery Plan
 The plans purpose is to allow recovery from a
variety of disasters; both BIG and small
General Information

 Stages of Plan Development

 Threat Analysis
 Risk Assessment
 Business Impact Analysis
 Critical Business Processes
 Team Plans
 Training
 Testing
Plan Development

 Threat Analysis
 Categorize threats by natural, man-made,
political, and technological threats.
 What are the internal and external threats that
each location of the institution faces?
 What controls are in place to mitigate these
threats?
 Are there areas where we can improve or mitigate
the threat further?
Plan Development

 Risk Assessment
 Identify all institution assets
 Hardware
 Software
 Business Processes; New Accounts, Lending,
Operations, etc
 Identify vendors related to assets
 Determine controls in place to recover asset
 Identify resources required to recover assets
Plan Development

 Risk Assessment
 Determine RPO (Recovery Point Objective)
 The point in time that the data needs to be recovered
from; i.e. EOD, EOM, Last Transmission, etc.
 Determine RTO (Recovery Time Objective)
 The length of time that the asset needs to be recovered;
i.e. 4 hours, 24 hours, 48 hours, etc.
 Risk Rating
 Determine a risk rating for each asset; i.e. Low, Medium,
High
Plan Development
 Business Impact Analysis
 Determine the financial impact of non-recovery of
assets or department functions
 Determine the impact of non-recovery of assets
on:
 Reputation
 Operating Efficiency
 Customer Service
 Legal Requirements
 Fraud
 Unmanageable Backlogs
Plan Development

 Critical Business Processes

 Based on Threat Analysis, Risk Assessment, and
Business Impact Analysis a list of critical business
processes was developed
 This list is used as a “roadmap” for the institution’s
recovery process
Plan Development
 Team Plans
 Team plans were created to recover as efficiently
as possible
 Teams are:
 Crisis Management
 Administrative
 Operations
 Facilities
 Information Technology
 Lending
 Retail Banking
Plan Development

 Training
 All employees will receive training on:
 Overall BCP recovery efforts
 Emergency procedures
 Overall training will be done annually
 New employees will receive initial training
Plan Development

 Testing
 A BCP is not possible without testing
 Testing proves recovery strategies
 Failed tests are not a failure of the plan, but rather
and opportunity to improve the plan and recovery
process
 Testing is done annually on critical business
processes
Plan Structure

 Team Plan Breakdown

 Crisis Management Team – Responsibilities
 Safety and care of staff and/or customers
 Evacuation
 Assess damage
 Coordinate recovery process
 Activate BCP
Plan Structure

 Team Plan Breakdown

 Administrative Recovery Team – Responsibilities
 Executive notification
 Handling media
 Notification of insurance, attorneys, landlord
 Manage information release to customers
 Purchasing
 Human Resources
 Accounts payable and receivable
Plan Structure

 Team Plan Breakdown

 Operations Recovery Team – Responsibilities
 Restore bank operations
 Wire transfers
 Electronic banking
 ACH
 Website
 Remote deposit
 Data processing
Plan Structure

 Team Plan Breakdown

 Facilities Recovery Team – Responsibilities
 Securing facility and assets
 Assessing damage
 Preserving/restoring paper documents
 Working with contractors for reconstruction
 Managing facility construction
Plan Structure

 Team Plan Breakdown

 Information Technology Recovery Team –
Responsibilities
 Assess damage
 Recover data
 Recover systems
 Establish communications and connectivity
 Rebuild network infrastructure
Plan Structure

 Team Plan Breakdown

 Lending Recovery Team – Responsibilities
 Assess damage
 Service customer base
 Communicate with key customers
 Assist in recovery of lending operations
Plan Structure

 Team Plan Breakdown

 Retail Banking Recovery Team – Responsibilities
 Assess damage
 Service customer base
 Communicate with key customers
 Assist in recovery of retail banking operations
 Assist in recovery of teller operations
Employee Assignment

 All employees part of recovery

 Each team has members that will develop plans
 Not every employee is assigned to a team
 If you are not assigned to a team you will be
notified of where you are needed at the time of the
disaster
 Every employee is a vital part of the recovery
Plan Maintenance
 Business Continuity Plans are NEVER done!
 BCP’s are living documents that require constant
attention and updating
 Team Leaders will work to keep team plans up to
date
 Annual testing will help identify plan deficiencies
 Annual updates will help keep the plan
information up to date
 Employee contact information
 Recovery strategies
 Vendor information
 Questions ?