DR/BCP Scrutiny – UPDATED

Auditors (and some FDIC examiners) are scrutinizing disaster recovery plans more closely, specifically looking to verify that the plan structure adheres to FFIEC guidance. We’ve definitely seen this regarding the Business Impact Analysis and the Risk Assessment; the first 2 phases specified by the guidance.

FFIEC DR Cycle

UPDATE: At least one regulator (OTS) is demanding that all Recovery Time Objectives (RTO’s) be based on an methodical analysis of the tolerance for downtime for each process, and NOT simply a subjective value.

Print Friendly, PDF & Email

Join Our Community

Related Posts