Take Our Business Continuity Management Quiz

The FFIEC updated their BCP IT Examination Handbook in November 2019. In fact, the handbook is no longer called BCP (Business Continuity Planning) but is now called BCM (Business Continuity Management).

This is the first major update in several years. Are you BCM Ready? How will your bank comply with the new handbook?

Have you conducted a formal business process-based Business Impact Analysis (BIA) that identifies all critical interdependencies?
Does the BIA produce sufficient information to establish the following: recovery point objectives (RPO); recovery time objectives (RTO) for each business process (prioritized); and maximum tolerable (or allowable) downtime (MTD/MAD)?
Does your risk/threat assessment measure both the impact and the probability (likelihood) of potential disruptive threats, including worst case (low probability, high impact) scenarios?
Have you identified all existing resilience (including cyber) measures for all critical interdependencies in your program? Interdependencies include all assets and all vendors for each business process.
Do you use the business processes identified in your BIA, including the interdependencies and recovery priorities, to guide your BCP testing? (Must be documented)
Do you use testing as employee training exercises to verify that personnel are knowledgeable about recovery priorities and procedures?
Do you track and resolve all issues identified during testing exercises, and use lessons learned to enhance your program? (Must be documented)
Does your Board report include a written presentation providing the BIA, risk assessment, BCP, exercise and test results, and identified issues?
Do you assess pandemic impact and probability alongside other risks/threats instead of separately?
You're taking the right steps to be BCM ready. With only a few minor adjustments, you'll be in compliance with the BCM handbook. You may want to consider managing all your compliance needs online. Our ISOversight service has a staff of experts and a complete line of applications to help you implement and maintain Information Security Policies, Vendor Management, Business Continuity Planning (BCP) and testing, Cybersecurity Risk Assessments, and more.
Not There Yet!
You likely have material deviations from the BCM Handbook and will need to do more work to get ready. Check out our checklist, "BCP Without Panic," for some helpful tips. Or, request a free plan review from Safe Systems to ensure that your business continuity plan is keeping up with changing regulations.
Need Major Changes!

Your institution has significant deviations from current BCM best practices. You'll need to consider major changes or complete replacement of your plan. Don't worry, we can help. Check out our BCP Blueprint application designed to streamline your business continuity process. Or, request a free plan review and receive recommendations from our experts on how to update your plan to ensure you are keeping up with changing regulations.