10 things you should do today to minimize the impact of a disaster
January 20, 2011
By Zach Duke, EVP Business Development, Safe Systems
2. Review your Business Continuity Plan (BCP):
a. Is it current (based on current infrastructure, personnel, etc.)?
b. Is it compliant with current guidelines? Would it pass an audit or examination?
c. Have all key personnel been trained?
d. Has testing been performed within the past 12 months?
e. Verify that the contact information in your Business Continuity Plan is up-to-date. Some examples include: utility vendors, core processor, phone vendors, network vendors, and disaster recovery specialists to assist in recovery.
3. Spend one hour reviewing what you would do if a disaster were to strike tomorrow. For example, answer these questions:
a. Who would manage the disaster recovery process? (The answer should be part of your DR program, management committees section.)
b. Where would you get suitable replacement servers, teller terminals, and other essential equipment?
c. What resources could you assign to the recovery process (knowledgeable staff, contractors)?
d. Define where your customers are going to go when you have a disaster. A physical facility where customers will be able to perform retail transactions including deposits, receive cash, and open accounts is critical to your customer-facing services.
4. Physically conduct an inspection of critical infrastructure areas:
a. Are there unnecessary risks (e.g. fire hazards, fire sprinkler systems in the wrong position or of the wrong type)?
b. Check that your daily data backups are completing successfully, and periodically test your ability to restore.
c. Check that all data backup tapes are where they should be (e.g. in a safe, remote storage location, etc.).
5. Validate the dependencies for data recovery, and define and address the related processes. For example:
a. What data is necessary for recovery of your most critical business processes?
b. If physical media are used, what type of hardware is needed? Do you have one of the exact configuration available?
c. What is the encryption password? Is this stored at another location?
d. What hardware is necessary for recovery of your most critical business processes? What server(s) will the data be restored to? Does this hardware have enough horsepower to run the applications?
e. Do you have the ability to restore your Active Directory, maintaining user authentication capabilities?
f. What version of backup software are you running? Is the software available offsite?
g. If you are using remote data backup, do you have a redundant internet connection?
6. Check that you have a complete inventory of all critical data equipment, including servers, workstations, and peripherals.
7. Make sure you have an up-to-date, offsite schematic diagram of your technology operations. If not, assign someone to get it completed. Schematics are used more and more to display complex networks; having one available when disaster strikes will allow your institution to focus on recovery rather than figuring out what you had on the network.
8. Review your DR program to determine the minimum people, processes, and equipment that you need to provide your most critical services. Make sure all Recovery Time Objectives can be met.
9. Understand your business interruption insurance and what is covered. Business interruption insurance has been a risk mitigation strategy for a number of years. In today’s economic climate it is important to know what is covered by the insurance provider and what is the institution’s responsibility.
10. Schedule a comprehensive test. Preparation is the most important part of the business continuity and disaster recovery process, and the best way to prepare is through comprehensive testing. Remember to document the results of your test, and update your Business Impact Analysis, Risk Assessment, and overall DR/BCP accordingly.
ABOUT THE AUTHOR
Zach Duke, executive vice-president of Business Development, directs all areas of the Account Management and Sales Departments of Safe Systems, Inc. Duke also oversees the development of strategic planning, consultative sales, business and network development, and partnerships. With over 12 years of experience at Safe Systems, Duke specializes exclusively in IT and Compliance for financial institutions. Duke is currently on the Board of Directors for Safe Systems, sits on the advisory board for Management Information Systems at the University of Georgia, and is on the Operations/Technology Committee for the Georgia Bankers Association.
ABOUT SAFE SYSTEMS
[This article was posted on January 20, 2011, on the website of ABA Banking Journal, www.ababj.com, and is copyright 2011 by the American Bankers Association.]