What does NCUA look for when auditing my credit union DR/BCP program?

by Robin Remines

I had the honor of speaking at a credit union chapter meeting this evening, and while discussing my career path from a computer scientist working in a lab to an IT leader in the credit union industry – it dawned on me that the two industries have one strong commonality – COLLABORATION. As scientists, we freely swapped lessons learned from experiments or beta (alpha!) projects. The same is true for our industry, as credit union leaders engage in collaborative efforts ranging from sharing simple best practices to the formation of CUSOs. Today’s post is all about that type of information sharing as we bring you new trends we are seeing in NCUA examinations that may impact your credit union DR/BCP program!

Trend 1 – Better break out your “Interagency Guidelines Establishing Information Security Standards” (NCUA Rules & Regulations, Part 748, Appendix A&B)

You may be thinking, “But that’s IT security, not DR!” Let me tell you, whatever fine line there was before seems to have disappeared. Part 748 calls for the safeguarding and protection of member data from risks/threats. Sound familiar? Your BIA (Business Impact Analysis), which is the foundation of your entire business continuity program, calls for the identification of threats and the development of mitigation strategies. It is easy to see how a new focus is being placed on credit unions to enhance their BCP program to include an expanded risk assessment which covers Part 748.

Action Steps To Take Now:

1) If you haven’t already read (and re-read) the IT Security Compliance Guidelines – start here. This isn’t a once and done read. If IT isn’t your area, schedule some time with your IT department to review the guidelines and discuss ways to integrate them into your DR/BCP.
