Business Continuity & Disaster Recovery Services
In March, 2008, the FFIEC published an updated Business Continuity Planning booklet. Sunera can assess your Financial Institution’s compliance with the revised guidelines to ensure the availability of critical financial services to your customers. To perform this examination, Sunera professionals execute the audit procedures specified in the FFIEC Information Technology Examination Handbook. Specifically, our examination will include the following objectives to assess the institution’s capabilities and plans to recover its operations in the event of a disaster:
1. Evaluation of existing business continuity plans and consideration of the following:
- in-scope functional process flows and interdependencies (internal and external);
- points where key business processes use technology assets;
- identified process-mandated Maximum Tolerable Outages (MTO), Recovery Time Objectives (RTO), Recovery Point Objectives (RPO) and/or Service Delivery Objectives (SDO) and gaps in technology capabilities;
- estimated potential business impacts – financial, operational, legal/regulatory/compliance, reputational – using information gathered via interviews and facilitated sessions; and
- minimum recovery requirements (e.g. staffing, office space, telecommunications, supplies, etc.) for At Time Of Disaster (ATOD) operations.
2. Assessing the Institution’s controls for system availability including hardware component failures, disaster recovery, business continuity planning, business resumption planning, and use of outsourced service providers.
