4 things your examiner wants you to know

by: Matt Wilhelm

Having a Disaster Recovery Plan (DRP) and identifying IT risks (with policies in place on how to mitigate those risks) are required for credit unions to remain compliant. According to the FFIEC Handbook, “It is the responsibility of an institution’s board and senior management to ensure that the institution identifies, assesses, prioritizes, manages, and controls IT risks as part of the business continuity planning process. The board and senior management should establish policies that define how the institution will manage and control the risks that were identified.”

A large component of IT risk assessments, and one that examiners are looking at very closely, is backup and recovery. Here are 4 things about your Backup and Recovery plan that examiners want you to know:

  1. ALL “enCompassing” PLAN: According to FFIEC guidelines, “credit unions must go beyond their information systems and develop comprehensive contingency plans for all critical resources.” Work with a vendor to put into place a plan that covers all aspects of your network, including phone systems, 3rd party applications and vendors such as shared banking, and other 3rd party connections. The last thing you will want to do in the event of an emergency is sit on hold with your ISP. Do not assume that since your core is backed up and tested that you are safe: The fact of the matter is, most cores back up just that – the core. And while there is no denying your core data is of utmost importance, the rest of your network should not be ignored. Think connectivity, files, documents, email, telephone systems, etc.

 
