FFIEC revises business continuity planning guidance
- Published: Friday, 03 April 2015 13:56
The US Federal Financial Institutions Examination Council (FFIEC) has published a revised Business Continuity Planning Booklet, which is part of the FFIEC Information Technology Examination Handbook. The update consists of the addition of a new appendix, entitled ‘Strengthening the Resilience of Outsourced Technology Services’.
The BCP Booklet contains guidance to assist examiners in evaluating financial institution and service provider risk management processes to ensure the availability of critical financial services. The booklet also was designed to provide guidance to financial institutions about the implementation of their business continuity planning processes.
The new appendix highlights that a financial institution’s reliance on third-party service providers to perform or support critical operations does not relieve a financial institution of its responsibility to ensure that outsourced activities are conducted in a safe and sound manner. An effective third-party management program should provide the framework for financial institution management to identify, measure, monitor, and mitigate the risks associated with outsourcing. Specifically, a financial institution should ensure that its third-party service providers do not negatively affect its ability to appropriately recover IT systems and return critical functions to normal operations in a timely manner. The appendix highlights and strengthens the BCP Booklet in four specific areas:
- Third-party management
- Third-party capacity
- Testing with third-party technology service providers
- Cyber resilience.
The revision can be read here (PDF).