DR/BCP Scrutiny – UPDATED

July 9, 2010 Tom Hinkel From the Field 0 comment  Like

DR/BCP Scrutiny – UPDATED

Auditors (and some FDIC examiners) are scrutinizing disaster recovery plans more closely, specifically looking to verify that the plan structure adheres to FFIEC guidance. We’ve definitely seen this regarding the Business Impact Analysis and the Risk Assessment; the first 2 phases specified by the guidance.

FFIEC DR Cycle

UPDATE: At least one regulator (OTS) is demanding that all Recovery Time Objectives (RTO’s) be based on an methodical analysis of the tolerance for downtime for each process, and NOT simply a subjective value.

Print Friendly, PDF & Email
Tags
Tom Hinkel
Tom Hinkel
As author of the Compliance Guru website, Hinkel shares easy to digest information security tidbits with financial institutions across the country. With almost twenty years’ experience, Hinkel’s areas of expertise spans the entire spectrum of information technology. He is also the VP of Compliance Services at Safe Systems, a community banking tech company, where he ensures that their services incorporate the appropriate financial industry regulations and best practices.
tom.hinkel@safesystems.com

Write a Comment

© 2024 Safe Systems, Inc. All rights reserved. Compliance Guru is a registered trademark of Safe Systems. Privacy Policy