BCP handbook - Federal Financial Institutions Examination...

MARCH 2003 Federal Financial Institutions Examination Council FFIEC IT EXAMINATION HANDBOOK BCP Business Continuity Planning MARCH 2008

Business Continuity Planning Booklet - March 2008

TABLE OF CONTENTS

INTRODUCTION
BOARD AND SENIOR MANAGEMENT RESPONSIBILITIES
BUSINESS CONTINUITY PLANNING PROCESS
BUSINESS IMPACT ANALYSIS
RISK ASSESSMENT
RISK MANAGEMENT
    Business Continuity Plan Development
        Assumptions
        Internal and External Components
        Mitigation Strategies
RISK MONITORING AND TESTING
    Principles of the Business Continuity Testing Program
        Roles and Responsibilities
        Testing Policy
        Execution, Evaluation, Independent Assessment, and Reporting of Test Results
        Updating Business Continuity Plan and Test Program
OTHER POLICIES, STANDARDS AND PROCESSES
    Security Standards
    Project Management
    Change Control Policies
    Data Synchronization Procedures
    Crisis Management
    Incident Response
    Remote Access