V.B Continuity and Recovery

Management should establish protocols for operations continuity and system recovery. The BCP may include:

  • Addressing customer service requests during downtime.
  • Tracking daily transactions.
  • Reconciling general ledger accounts.
  • Documenting operational tasks.
  • Posting entries after system recovery.
  • Maintaining backup records to provide customer account information (e.g., account numbers, customer names, addresses, account status, and account balances).
  • Documenting steps for system hardware and software recovery and restart.

When appropriate, procedures should address manual steps for critical functions, such as back-office operations, loan operations, and customer support. Business continuity plans and procedures should be clear, concise, and easy to implement in an emergency, such as checklists and step-by-step procedures. (Refer to NIST SP 800-34 Rev. 1, Contingency Planning Guide for Federal Information Systems. NOTE: While this document pertains to federal information systems, the principles are relevant for non-federal information systems.)

Displaced customers may not have access to their normal identification and personal records. The BCP should include alternate identity verification methods, and management should be alert for fraud or other suspicious activities. Procedures should address fraud identification (refer to the Financial Crimes Enforcement Network’s (FinCEN) FIN-2006-A001, Guidance to Financial Institutions Regarding Hurricane-Related Benefit Fraud) and suspicious activity reporting (refer to FinCEN’s FIN-2013-G002, Administrative Difficulties in Submitting Electronic Reports to FinCEN) according to protocols and legal requirements (refer to 31 CFR 1020.220, Customer Identification Programs for Banks, Savings Associations, Credit Unions, and Certain Non-Federally Regulated Banks).

During the recovery phase, management should coordinate access and availability of power and telecommunications systems with various entities. Management should coordinate with the police and fire departments and local and state government agencies to facilitate timely, secure resilience strategies. Management may also coordinate with other federal agencies, such as the Federal Emergency Management Agency, depending on the disaster severity. Refer to the IT Handbook’s “Operations” booklet for additional information.

