Resilience is to the organization what good health is to the body: the result of decisions we make and actions we take every day. It’s built up over time. Just as a strong immune system helps the body fight off germs and viruses, a strong continuity and recovery program helps the organization resist and respond to threats that could disrupt normal operations.
- Resilience \ri–’zil-yən(t)s\ noun “The operational and technological readiness that prepares an organization to make day-to-day operations efficient and cost-effective, and to resist, absorb and recover from or successfully adapt to adversity or a change in conditions.”
An operational risk is any incident or event that results in a partial or full disruption to one or more processes producing a measurable impact (loss). Examples include power outage, server malfunction, service disruption, software error, security incident, severe weather, flooding and fire, to name a few.
These incidents can occur in many forms, including:
- Interruption of IT services or loss of data
- Disruption in the workplace
- Reduction in the workforce
- Disruption of a service from a third-party vendor
The impact from these incidents can range from minimal (affecting only one product or service or a single branch) to major (affecting multiple products or services at all branches) across multiple disciplines (Operational, Reputational, Financial, and Compliance). Regardless of the impact, organizations must be ready to respond. For each type of event or incident, the response must be quick and it must be effective. The only way to achieve this level of readiness is to plan carefully and to practice regularly.
Strict security, disaster recovery and business continuity requirements are a reality facing credit unions and financial institutions today. A static plan is not enough. Developing and implementing a Business Continuity Management (BCM) program that results in a repeatable process focused on continual improvement is the new standard. Resilience starts when business continuity stops being a series of separate activities, is embraced as a business process, and becomes part of day-to-day decision-making and operations.
The success or failure of the BCM program rests on the shoulders of the board and senior management. As stated in the FFIEC IT Examination Handbook, they are accountable for the oversight and governance of the Business Continuity Planning process, which includes:
- Establishing policy by determining how the institution will manage and control identified risks;
- Allocating knowledgeable personnel and sufficient financial resources to properly implement the BCP;
- Ensuring that the BCP is independently reviewed and approved (annually);
- Ensuring employees are trained and aware of their roles in the implementation of the BCP;
- Ensuring the BCP is regularly tested on an enterprise-wide basis;
- Reviewing the BCP testing program and test results on a regular basis; and
- Ensuring the BCP is continually updated to reflect the current operating environment.
Resilience begins with defining the mission, setting the policy, rolling up our sleeves, and never looking back. The good news is that a field-tested roadmap (framework) has been developed to build and maintain a robust BCM program.
CU*Answers offers professional and managed services to help you meet and exceed your recovery objectives. Contact a CU*Answers Continuity Consultant today to discover in-network solutions that best meet your business objectives.
Professional Services available include:
- Business Continuity Planning and Resilience Testing
- Information Security Risk Assessment
- Comprehensive Information Security Program (CISP)
- Staff Security Training
- IT Examination and Audit Preparation
- IT Strategy Consulting
Managed Services available include:
- Network Management and Monitoring
- Continuous Data Protection (CDP) including off-site data storage
- Virtual Branch / Virtual Office