The Resilient Credit Union

Professional Cybersecurity Resources

As an engaged and committed CUSO, CU*Answers has the professional resources available to learn about cybersecurity requirements and help credit unions design and build the infrastructure needed to continually monitor and enhance the security of their systems and to protect member information. Discover More

Delivering products and services to 200+ credit unions nation-wide

As a CUSO and cuasterisk.com network partner delivering products and services to 200+ credit unions nation-wide representing more than 2,000 concurrent system users supporting over 1.7 million members, CU*Answers is committed to being there when our customers and owners need us most. Learn More

Much like achieving good health is to our body (result of decisions we make and actions we take every day), resilience is to the organization. It’s built up over time. Just as a strong immune system helps the body fight off germs and viruses, a strong continuity and recovery program helps the organization resist and respond to threats that could disrupt normal operations.

Resilience \ri–’zil-yən(t)s\ noun “The operational and technological readiness that prepares an organization to make day-to-day operations efficient and cost-effective, and to resist, absorb and recover from or successfully adapt to adversity or a change in conditions.”

An operational risk is any incident or event that results in a partial or full disruption to one or more processes producing a measurable impact (loss). Examples include power outage, server malfunction, service disruption, software error, security incident, severe weather, flooding and fire, to name a few.

These incidents can occur in many forms including:

Interruption of IT services or loss of data
Disruption in the workplace
Reduction in the workforce
Disruption of a service from a third-party vendor

The impact from these incidents can range from minimal (affecting only one product or service or a single branch) to major (affecting multiple products or services at all branches) across multiple disciplines (Operational, Reputational, Financial, and Compliance). Regardless of the impact, organizations must be ready to respond. For each type of event or incident, the response must be quick and it must be effective. The only way to achieve this level of readiness is to plan carefully and to practice regularly.

Strict security, disaster recovery and business continuity requirements are a reality facing credit unions and financial institutions today. A static plan is not enough. Developing and implementing a Business Continuity Management (BCM) program that results in a repeatable process focused on continual improvement is the new standard. Resilience starts when business continuity stops being a series of separate activities, is embraced as a business process, and becomes part of day-to-day decision-making and operations.

The success or failure of the BCM program rests on the shoulders of the board and senior management. As stated in the FFIEC IT Examination Handbook, they are accountable for the oversight and governance of the Business Continuity Planning process, which includes:

Establishing policy by determining how the institution will manage and control identified risks;
Allocating knowledgeable personnel and sufficient financial resources to properly implement the BCP;
Ensuring that the BCP is independently reviewed and approved (annually);
Ensuring employees are trained and aware of their roles in the implementation of the BCP;
Ensuring the BCP is regularly tested on an enterprise-wide basis;
Reviewing the BCP testing program and test results on a regular basis; and
Ensuring the BCP is continually updated to reflect the current operating environment.”

Resilience begins with defining the mission, setting the policy, rolling up our sleeves, and never looking back. The good news is that a field-tested roadmap (framework) has been developed to build and maintain a robust BCM program.

Next Steps

CU*Answers offers professional and managed services to help you meet and exceed your recovery objectives. Contact a CU*Answers Continuity Consultant today to discover in-network solutions that best meet your business objectives.