IT Examiner School eBook

Procedure 7 – Business Continuity Strategies9

Determine whether the business continuity plan effectively addresses pandemic issuesmanagement can effectively respond to wide-scale disruptions in order to meet resilience and recovery objectives. Consider the followingDo the strategies:

• Planning

• Preparing

• Testing

• Responding

• RecoveringAddress personnel, processes, technology, and facility issues

• Address critical business risks in the operating environment

• Outline a combination of backup, replication and storage methods for data protection

• Integrate with disaster recovery services to protect against data destruction

• Provide for high redundancy levels in the data/telecommunications infrastructure, including connections with critical third-party service providers

• Utilize a consistent change management process

• Include alternatives for proprietary systems/applications

• Designate emergency personnel, including critical business process-level employees

Procedure 10

Determine whether business continuity strategies are designed to achieve resilience, such as the ability to effectively respond to wide-scale disruptions, including cyber attacks and attacks on multiple critical infrastructure sectors. Consider the following:

• Protections against backup data destruction/corruption

• Alternative telecommunications

• Forensic strategy

Procedure 8 – BCM Testing and Exercises11

Determine whether the business continuity exercise/testing program is sufficient to demonstrate the financial institution's ability to meet its continuity objectives. Consider the following:

• Regular testing of varying scenarios, including cyber attacks, based upon risk assessment

• Testing of critical business lines, systems, and operations, such as:

o Core systems

o Networks

InTREx Mapping

21

Tandem, LLC | Copyright © 2024

Confidential - Internal Use Only