Pub. 2 2013 Issue 9
December 2013 25 l e a d i n g a d v o c a t e f o r t h e b a n k i n g i n d u s t r y i n k a n s a s Y OUR BUSINESS CONTINUITY PLAN (BCP) is your life raft for both expected and unexpected disasters. It is your road map to recovery. Illustrations aside, it’s very important, and your employees need to be able to read it. I’ve heard it said that even an unschooled person should be able to pick up a BCP and get the bank restored properly. While it is important to have a well-thought-out BCP, it’s not likely you will round up a team of unschooled persons to read and follow your BCP. The first reason being: most unschooled people can’t read. It is more likely that restoration will be performed by you and your employees; better yet, employees who have been hand-picked as capable workers. I make note of this anecdote because banks often design business continuity plans with every single step and click explained for every facet of the organization. As important as it is for your BCP to be thorough, it’s just as important for it to be user friendly. The sheer volume of data in a BCP can be very overwhelming to read, let alone build. If you focus on how achievable your BCP is while constructing it, you will find implementation of the BCP much more pleasant. With all the capabilities that technology allows, many organizations find themselves in data overload, keeping more data than is necessary just because they can. That mindset is a hindrance to a functional BCP. To maintain a practical style of documentation, consider what information will be truly valuable to each situation. De- fine recovery objectives that are detailed enough that the reader knows what to do, but no so exhaustive that they feel the need to speed-read your BCP because of its novel-like qualities. Knowing the software, supplies, vendors, and systems required to fully execute a process is essential information for restoration, but it’s okay to make some assumptions to reduce the level of granu- larity involved in your BCP. Remember you’re writing to a specific audience: your employees. Instead of including every detail neces- sary to perform processes normally, focus on what is necessary for a restoration process. Encourage your employees to keep instruction manuals and procedures of their own (and you may find that many do). Then, their manuals and procedures can be referenced by the plan, and even made accessible with the plan, without having to be written out and maintained directly in the plan. This will help you sustain a balance between availability of information and superfluous informa - tion, which can become obstructive to the efficiency of your business continuity goals. To nicely tie all the pieces together, you should have an administrator who oversees the entire BCP development process. This administrator is key in assurance of a strong, succinct business continuity plan. One of the main requirements for business continuity planning is to con- tinually update the plan to reflect the current operation environment. This is a completely attainable goal when the administrator only has to update the restoration concepts of your bank’s business processes and not every step and click for each employee’s daily tasks. Leticia Saiid is a tandem Software Support Specialist for CoNetrix. CoNetrix is a provider of information security consulting, IT/GLBA audits and security testing, and tandem – a security and compliance software suite designed to help financial institutions create and maintain their Information Security Programs. Visit our website at www.conetrix.com. USING TABLETS IN THE CLOUD By Nathan Dahlstromof CoNetrix HOW TO CONSTRUCT A BALANCED BUSINESS CONTINUITY PLAN By Leticia Saiid, Security+
Made with FlippingBook
RkJQdWJsaXNoZXIy OTM0Njg2