Disaster Recovery

Professional Cybersecurity Resources

As an engaged and committed CUSO, CU*Answers has the professional resources available to learn about cybersecurity requirements and help credit unions design and build the infrastructure needed to continually monitor and enhance the security of their systems and to protect member information. Discover More

Delivering products and services to 200+ credit unions nation-wide

As a CUSO and cuasterisk.com network partner delivering products and services to 200+ credit unions nation-wide representing more than 2,000 concurrent system users supporting over 1.7 million members, CU*Answers is committed to being there when our customers and owners need us most. Learn More

Being prepared means planning for the worst and expecting the best. While CU*Answers has invested steadily over the past decade developing and implementing High Availability strategies to prepare us to continue operations through likely disruptive scenarios, we would fall short on our commitment if we did not plan for those unexpected, large-scale disasters, outside of the scope and reach of high-availability controls.

In the event of a disruption where failing-over to redundant hosts at the secondary datacenter is not an option, recovery teams will follow the necessary recovery procedures to restore the production system from backup media at a surviving site. To ensure our recovery teams are fully trained and capable and that procedures are validated and confirmed, bare-metal recovery exercises are performed on systems in a sandbox test environment.

For applications and systems that are not categorized as “core-processing” and are not included in the High Availability strategy, IT Contingency and Recovery Plans are maintained and tested regularly. Where feasible, redundant components are installed on systems and hardware to mitigate the risk of component failure and expedited warranty service maintained (most with 4 hour support or less).

Results from each disaster recovery test are published in a report and available for download. In-network credit unions are encouraged to review each report and to include them in their board packet documentation.

The Recovery Planning Process

Having a test-validated recovery plan that clearly articulates which systems must be recovered and in what order is crucial if an organization is to resume normal operations within an acceptable timeframe. A test-validated Disaster Recovery Plan should answer the following questions:

What happens when disaster strikes?
Will what we have planned support our business?
How do we resume ‘normal’ business procedures?

The information obtained from current Business Impact Analysis (BIA) and Risk Assessment (RA) reports will identify the amount of downtime tolerable before the organization is significantly impacted, and provide a prioritized list of systems that are required to restore critical business functions. A recovery plan should include all of the steps required to bring systems back on-line and re-establish functionality for system end-users. These systems to restore include main and branch office facilities, hardware, software, data, and communications networks.

Components required for a successful recovery include:

Test-validated documentation for restoring systems
Skilled personnel
Access to vital records (data), and
Alternate recovery resources

For the Credit Union

Whether an on-line or in-house credit union, having a test-validated recovery plan for all resources required to perform critical business functions is the baseline. To be effective, your recovery plan must provide a roadmap for restoring minimum service levels within a time-frame that is acceptable to the organization (within the parameters of RTO/RPO as identified in the BIA).

Business Impact Analysis (BIA) – “is the Process of identifying the potential impact of uncontrolled, non-specific events on an organization’s business processes.”

Recovery Time Objectives (RTO) – “represent the maximum allowable downtime that can occur without severely impacting the recovery of operations or the time in which systems, applications, or business functions must be recovered after an outage (e.g., the point in time that a process can no longer be inoperable).

Recovery Point Objectives (RPO) – “represent the amount of data that can be lost without severely impacting the recovery of operations or the point in time in which systems and data must be recovered (e.g., the date and time of a business disruption).”

For more information, see the “Resilient Credit Union.

Next Steps

CU*Answers offers professional and managed services to help you meet and exceed your recovery objectives. Contact a CU*Answers Continuity Consultant today to discover in-network solutions that best meet your business objectives.

Professional Services available include:

Business Continuity Planning and Resilience Testing
Information Security Risk Assessment
Comprehensive Information Security Program (CISP)
Staff Security Training
IT Examination and Audit Preparation
IT Strategy Consulting

Managed Services available include:

Network Management and Monitoring
Continuous Data Protection (CDP) including off-site data storage
Virtual Branch / Virtual Office

Business Continuity: Disaster Recovery

Professional Cybersecurity Resources

Is Your Staff Ready for the Next Disruption or Security Incident? We Can Help.