What do these terms mean, and how do they fit together in an organization? An incident is an unplanned security threat event that potentially jeopardizes the confidentiality, integrity, or availability of one or more critical systems. An Incident Response Plan (IRP) is the document that captures the steps an organization executes to minimize the threat; the organization accomplishes this by isolating and eradicating the threat in a secure, timely fashion. Often, when an organization experiences an incident, the response isolates a critical system, rendering it unavailable and thus invoking business continuity activities.
Published (last): 8 December 2006
The IT Handbook is prepared for use by examiners. The change from business continuity planning to business continuity management reflects the changes in customer and industry expectations for the resilience of operations. The BCM booklet describes principles and practices for IT and operations for safety and soundness, consumer financial protection, and compliance with applicable laws and regulations.
The BCM booklet also outlines BCM principles to help examiners evaluate how management addresses risk related to the availability of critical financial products and services.
This booklet discusses BCM governance and its related components, including resilience strategies and plan development; training and awareness; exercises and tests; maintenance and improvement; and reporting for all levels of management, including the board of directors. The focus of this revised booklet is on enterprise-wide, process-oriented approaches that consider technology, business operations, testing, and communication strategies critical to the continuity of the entire entity.
However, business continuity should not be focused only on the planning process to recover operations after an event, but rather it should include the continued maintenance of systems and controls for the resilience of operations.
Business continuity should be incorporated into the risk management life cycle of all systems, processes, and operations of an entity. This booklet does not impose requirements on entities. Appendix A of this booklet provides objectives-based examination procedures.

Selected section headings of the booklet:

- IV.A Resilience
- V.A Event Management
- V.B Continuity and Recovery
- V.C Facilities and Infrastructure
- V.D Payment Systems
- V.E Liquidity Considerations
- V.F Other Components
Financial Institution Letters
Prompt delivery of introductory, reference, and educational training material on specific topics of interest to field examiners from FFIEC members. The booklets provide:

- Guidance to examiners and financial institutions on the characteristics of an effective information technology (IT) audit function.
- Guidance to examiners on the principles of BCM and approaches to business continuity planning and resilience, and examination procedures to help determine the effectiveness of business continuity and resilience.
- Guidance to examiners to determine whether an institution effectively identifies and controls development and acquisition risks.
- Guidance to examiners on identifying and controlling the risks associated with e-banking activities.
- Guidance to examiners on factors to assess information security risks and procedures to evaluate the adequacy of the information security program.
- Guidance to examiners outlining the principles of overall governance and IT governance, and examination procedures to evaluate IT governance and processes for IT risk management (ITRM).
The Ultimate Guide to FFIEC Business Continuity
Community banks should maintain effective business resilience and continuity commensurate with their operational complexities. Business continuity management is the process for management to oversee and implement resilience, continuity, and response capabilities to safeguard employees, customers, and products and services. The focus of business continuity management should be on more than just the planning process to recover operations after an event. It also should include the continued maintenance of systems and controls for the resilience and continuity of operations. Resilience incorporates proactive measures to mitigate disruptive events and evaluate a bank's recovery capabilities. The focus of this revised booklet is on enterprise-wide, process-oriented approaches that consider technology, business operations, testing, and communication strategies critical to the continuity of the entire business.