This caught me by surprise as it was not formally announced in the “What’s New” section, but the Appendix J update to the Business Continuity Planning Handbook apparently constituted a complete update to the Handbook. Here is what the press release said in part:
The Federal Financial Institutions Examination Council (FFIEC) members today issued a revised Business Continuity Planning Booklet (BCP Booklet), which is part of the FFIEC Information Technology Examination Handbook (IT Handbook). The update consists of the addition of a new appendix, entitled Strengthening the Resilience of Outsourced Technology Services. (emphasis added)
If you only focused on the last sentence (as I did), you would think all they did was add an appendix to the existing booklet. But the first sentence states that they issued a revised booklet. And sure enough, they changed the date.
Here is the old booklet:
And here is the new booklet:
I’ve written about the wide-ranging implications of “Appendix J” previously. In comparing the old and new BCP booklets I was unable to find any other changes in the document except the addition of Appendix J, and some changes to Appendix A. Regular readers know that each of the 11 booklets has an Appendix A which contains the examination procedures. The message here is that the FFIEC considered the addition of Appendix J significant enough to warrant new examination procedures, and a whole new handbook with a new revision date!
7 Reasons Why Small Community Banks Should Outsource IT Network Management
I’ve gone through Appendix A of both the new booklet and the previous booklet and highlighted all of the changes. If you’re interested in how your next BCP exam might differ, you can download a copy of my marked-up document here. The complete BCP Handbook is here.