Financial institutions (FIs) continue to rely on technology service providers (TSPs) to provide functions critical to business operations. Because of this, the Federal Financial Institutions Examination Council (FFIEC) has released guidance pertaining to business continuity to establish clarified guidelines that help manage business continuity and disaster recovery risks.
About FFIEC Disaster Recovery and Business Continuity Services
While the terms are often used interchangeably, disaster recovery planning (DRP) and business continuity planning (BCP) have different purposes and address different risks.
The FFIEC’s IT Booklet regarding BCP/DRP outlines the following action steps for organizations to monitor risk:
- Incorporate the business impact analysis into the BCP/DRP and testing program
- Develop an enterprise-wide testing program
- Assign roles and responsibilities for the implementation of the testing program
- Complete an annual (or more regular) test of the BCP/DRP
- Evaluate the testing program
- Evaluate test results with an independent party
- Revise the business continuity plan and testing program upon changes to the business operations, audit and examination recommendations, and test results
To ensure that TSPs can adhere with FFIEC guidelines, A-LIGN can assist your organization by offering the following services:
- BCP/DRP Assessment: A-LIGN will perform an assessment to evaluate your organization’s BCP and DRP against the FFIEC guidelines as they pertain to BC and DR. A-LIGN will review your organization’s policies and procedures, identify gaps between your plans and the FFIEC guidelines and industry best practice, and evaluate the BCP/DRP to ensure that it protects your organization’s unique location and business processes. Upon completion, A-LIGN will issue a report with an analysis of the company’s BCP/DRP and supporting policies and procedures, and assessed level of compliance with FFIEC guidelines.
- BCP/DRP Structured Walk-Through Test: Often referred to as a tabletop exercise, the structured walk-through test evaluates the plans in place by walking through a specific event scenario and applying the existing BCP/DRP to the scenario. Tabletop testing is used to evaluate personnel’s response to the scenario, their knowledge and adherence to the policy, and the company’s ability to continuity operations after executing the BCP/DRP against the tabletop scenario. Based upon the results of the walk-through, A-LIGN will develop a report detailing the results of the walk-through and provide recommendations to improve your organization’s ability to respond to an incident and meet the FFIEC Guidelines.
FFIEC Disaster Recovery and Business Continuity Solutions Tailored to Your Company
Choosing A-LIGN as your partner benefits your organization by:
- Communicating to your organization gaps in the BCP and DRP and providing recommendations to improve the plans
- Providing independent assurance to stakeholders of the validity of the plans in place at your organization
- Ensuring that your organization can implement the plans to minimize the impact of a disaster or incident
The A-LIGN Edge
Our customized compliance solutions and streamlined audit process allow you to meet all of your audit and compliance needs with a single service provider. One-stop shopping means a stress-free audit process for you, as you work with one team who understands the unique needs of your organization. See what our clients have to say:
Benefit from Our Expertise