by: Barbra Lowman, Vice President of IT and Client Services, CRI Solutions
Many credit union IT professionals are under the impression that a disaster recovery test is not considered successful by their examiners unless it is flawless. This belief positions them to either oversimplify their periodic test and take short-cuts to ensure success, or put undue stress and pressure on their IT support staff to execute a complex test impeccably. Our philosophy and approach is quite the contrary – to put it simply, we believe that “practice makes perfect”.
A sound approach to credit union disaster recovery includes a multi-year test plan that increases in scope and complexity year after year. Within that multi-year test plan, it’s imperative to address the recovery of all critical systems, with a special emphasis on inter-dependencies between systems and third party service providers.The goal should be to test every aspect of recovery and work together with your third party service providers to identify all issues that could prevent timely recovery, and then build a remediation strategy to address those issue and re-test.
Recognizing the importance of expecting the unexpected and flushing out the potential pitfalls associated with full scale recovery are key components of a successful disaster recovery/business continuity strategy. Executing a multi-year testing plan that focuses on all of the details and requirements of successful full scale recovery position your CU to take an incremental approach and tackle the overwhelming overall effort one piece at a time, instead of becoming overwhelmed by the magnitude of the complete exercise.
Ultimately, the purpose of examiner oversight on the credit union’s disaster recovery/business continuity strategy is to protect the member’s capability to continue to access their funds and transact business with the CU, even during a recovery scenario. We all understand this basic foundation in our business. The examiners do not require every test to be perfect – but they do require all CU’s to perform testing and uncover any issues that need to be addressed. Documentation is the most fundamental element of the testing exercise. Creating solid documentation around the scope of the test, the actions performed during the test, clear detail on all findings, and a remediation strategy/follow-up plan and schedule are vital components. Taking the time to do all the hard work in preparation, planning, and testing up front better prepares CU experts and will reduce the pressure of recovery when you are in crisis mode during recovery.
CRI Solutions partners with our CU clients to deliver disaster recovery and business continuity planning and testing services. We do not apply a blanket approach to recovery and try to force a standardized recovery strategy at all CU’s. What makes us different from our competition is the credit union business and IT experience our team collectively brings to the table, and the fact that we are willing to take the time up front to learn the credit union’s key business functions, infrastructure nuances, and develop a custom strategy that meets the needs of your staff and members. www.crisolutions.net