In a recent abstract, the
Journal of Internet Banking and Commerce
reports that nearly 60% of US enterprises don't have IT disaster recovery plans. In their study of 154 financial institutions in the United States they found that it wasn't the size of the institution or the IT budget that determined success, but instead the testing and documentation of their recovery processes.
According to Journal's study, firms that are considered well-prepared have conducted IT service analysis, provided employee training, selected methods of IT disaster identification and notification, defined backup procedures, determined offsite storage locations, determined recovery procedures, and performed ongoing maintenance.
The following best practices for IT disaster recovery testing can help you prepare for the worst so you are ready to spring into action should disaster strike:
Test from your planned backup location
, whenever possible. Should your branch be decimated by tornado, flood, or other event your staff must be able to resume business at your alternate site. Enrolled Recovery Solutions clients have access to our
mobile banking facility
and conduct a "live site" test just as they would in the event of an actual disaster.
Include all essential staff members and backup personnel. Should staff members be unable to perform actual disaster recovery efforts, it's imperative that their roles are covered. Document all duties and responsibilities accordingly. Should pandemic or severe weather render key personnel unable to perform their duties, ensuring you have staff who are competent to step in will be critical to business resumption.
Test all critical applications. The FFIEC mandates that testing documentation indicates that your institution can perform all necessary business transactions in the event of disaster. This includes independent communications to your core service provider.
Have your testing independently reviewed by a qualified third party. Doing so helps identify gaps so you can create a list of items to correct prior to your next test.
Test regularly. The FFIEC requires annual testing. However you may need to test more often. Software updates, personnel changes and other regular business modifications may mean additional tests and changes to documentation.
IT business continuity planning is complex and can be time-consuming, causing a strain on IT departments. For small to mid-size financial institutions, that can be crippling. That's where we come in. Recovery Solutions offers
full-service testing services
to help your IT staff plan, test, and document test results so that you not only meet FFIEC compliance but feel prepared and well-equipped to deal with a disaster.
today to get started.