BCP Training1
Threat Analysis
Categorize threats by natural, man-made,
political, and technological threats.
What are the internal and external threats that
each location of the institution faces?
What controls are in place to mitigate these
threats?
Are there areas where we can improve or mitigate
the threat further?
Plan Development
Risk Assessment
Identify all institution assets
Hardware
Software
Business Processes: New Accounts, Lending,
Operations, etc.
Identify vendors related to assets
Determine controls in place to recover asset
Identify resources required to recover assets
Plan Development
Risk Assessment
Determine RPO (Recovery Point Objective)
The point in time that the data needs to be recovered
from; e.g. EOD, EOM, Last Transmission, etc.
Determine RTO (Recovery Time Objective)
The length of time within which the asset needs to be recovered;
e.g. 4 hours, 24 hours, 48 hours, etc.
Risk Rating
Determine a risk rating for each asset; i.e. Low, Medium,
High
Plan Development
Business Impact Analysis
Determine the financial impact of non-recovery of
assets or department functions
Determine the impact of non-recovery of assets
on:
Reputation
Operating Efficiency
Customer Service
Legal Requirements
Fraud
Unmanageable Backlogs
Plan Development
Training
All employees will receive training on:
Overall BCP recovery efforts
Emergency procedures
Overall training will be done annually
New employees will receive initial training
Plan Development
Testing
A BCP is not possible without testing
Testing proves recovery strategies
Failed tests are not a failure of the plan, but rather
an opportunity to improve the plan and recovery
process
Testing is done annually on critical business
processes
Plan Structure