Auditing and Testing

Professional Cybersecurity Resources

As an engaged and committed CUSO, CU*Answers has the professional resources available to learn about cybersecurity requirements and help credit unions design and build the infrastructure needed to continually monitor and enhance the security of their systems and to protect member information. Discover More

Delivering products and services to 200+ credit unions nation-wide

As a CUSO and cuasterisk.com network partner delivering products and services to 200+ credit unions nation-wide representing more than 2,000 concurrent system users supporting over 1.7 million members, CU*Answers is committed to being there when our customers and owners need us most. Learn More

Technology is changing at a rapid pace. Continuity and recovery plans must keep up with these changes to remain current and relevant with today’s operations. Failing to do so puts the organization at risk during an outage. This requires continuous auditing and testing.

The Business Continuity Plan should be reviewed and approved by the board and senior management annually and revised when either of the following conditions are met:

Changes in potential threats or risks
Considerable changes in business operations, functions or processes,
Considerable changes in system or network architecture,
Audit recommendations, and/or
Lessons learned from recovery tests, training exercises, or actual events (planned or unplanned).

Copies of the CU*Answers Business Continuity Plan are available to in-network credit unions upon request.

Recovery Plan Testing

An active recovery plan test and exercise program helps to:

Verify completeness and accuracy of the plan.
Identify areas within the plan that should be enhanced or updated to improve the effectiveness
Provide training for recovery teams
Demonstrate the ability to recover and build confidence

Regularly testing our recovery plans provides the maintenance windows needed to give our systems a tune-up through hardware and operating system upgrades and replacement without requiring application downtime. Keeping our systems running on all cylinders increases availability when we and our clients need it most.

Results from each CU*Answers’ High Availability Rollover exercise and Disaster Recovery test are published in a report and available below for download. In-network credit unions are encouraged to review each report and to include them in their board packet documentation.

CU*Answers High Availability and Disaster Recovery Test Reports

The following recovery test analysis reports are available for your review. We encourage you to include them in your next board meeting minutes. Please CONTACT if you have any questions regarding the reports or the CU*Answers recovery testing program.

CU*BASE/GOLD HA Rollover Reports

View our High Availability Rollover Schedule

It’s Me 247 HA Rollover Reports

Disaster Recovery (DR) Test Reports

June 2021 Report
May 2015 Report
*The May 2015 Report summarizes the final Disaster Recovery Test performed at the IBM hot-site location. The traditional (DR) strategy is no longer able to meet minimum RPO/RTO requirements. In 2016, the High-Availability (HA) Rollover Test has become the primary recovery strategy.
May 2014 Report
May 2013 Report
April 2012 Report
May 2011 Report

Item Processing Recovery Reports

Statement Printing Recovery Reports

For the Credit Union

Creating a recovery plan without testing it provides a false sense of security. If it’s not tested regularly, you can’t be sure it will work when you need it the most. Postponing plan maintenance and recovery testing results in stale plans in the hands of untrained staff.

Methods of testing include:

Life safety exercises
- (i.e., evacuation / shelter-in-place)
Plan walk–through / tabletop reviews
- (i.e., review plan, conference/meeting room)
Scenario-based tabletop exercise
- (i.e., simulation, conference/meeting room)
Alternate site exercise
- (i.e., recovery at designated alternate site – hot site)
Standalone exercise
- (i.e., single business unit or process)
Full end to end functional exercise
- (i.e., recovery for functional area)
Comprehensive exercise
- (i.e., recovery for entire organization – offline)
Integrated exercise
- (i.e., mixed with production – online)

Planning and coordinating a testing schedule can seem overwhelming. A good place to start is with a tabletop exercise. Designed to increase awareness, Tabletop exercises inform staff of their roles and responsibilities during a simulated incident or disruptive event, and engages them in team-building activities, as they collaborate on the recovery effort.

An example of a tabletop exercise can be reviewed here. For this exercise, the CU*Answers Business Continuity Team and the Records and Information Management Team (RIM) worked together to simulate a Litigation Hold Scenario. This exercise provided an opportunity for the appropriate response team to “walk-through” the response plan and identify areas for improvement.

Download and view the CU*Answers Litigation Hold Tabletop Exercise Report

For more information, see the Resilient Credit Union

Next Steps

CU*Answers offers professional and managed services to help you meet and exceed your recovery objectives. Contact a CU*Answers Continuity Consultant today to discover in-network solutions that best meet your business objectives.

Professional Services available include:

Business Continuity Planning and Resilience Testing
Information Security Risk Assessment
Comprehensive Information Security Program (CISP)
Staff Security Training
IT Examination and Audit Preparation
IT Strategy Consulting

Managed Services available include:

Network Management and Monitoring
Continuous Data Protection (CDP) including off-site data storage
Virtual Branch / Virtual Office

Business Continuity: Auditing and Testing

Professional Cybersecurity Resources

Is Your Staff Ready for the Next Disruption or Security Incident? We Can Help.

Delivering products and services to 200+ credit unions nation-wide