Recovery Solutions is a proven leader in providing disaster recovery, annual proof of
concept testing and business continuity solutions to the financial industry since 2005.
Recovery Solutions Newsletter
July 2017


The FFIEC and national cyber-security experts continue to stress the importance of testing and having suitable backup solutions. In a world where natural disasters are increasing in frequency and severity, and where cyber threats are becoming more common, having a proper backup for your data and regularly testing your business continuity plan are more important than ever.

This month we'd like to share tips on using the new FFIEC Cyber Assessment Tool, which was recently updated. We're also sharing some tips on selecting a cloud-based backup solution.

Hurricane season has begun, severe storms and tornadoes are hitting in the Midwest, and extreme heat in the Southwest are all cause for concern. Are you ready? This summer is already shaping up to pose several threats. Besides having your business ready, download our Family Emergency Plan. The plan is complete with forms, checklists, templates, tips and helpful links to ensure your family is informed and prepared in case disaster strikes.

Recovery Solutions is an industry leader in disaster recovery services, testing, and restoration for the financial industry. Click here to join our newsletter mailing list for FFIEC updates and tips for disaster recovery. Or learn more by emailing us to register for a free seminar.

FFIEC Cyber Assessment Tool Update - June 2017
The risks of data loss due to cyber threats and severe weather continue to increase. There is no better time than now to ensure that your organization has a tested and documented plan for business continuity should disaster strike. Recently, the FFIEC made updates to their Cyber Assessment Tool (CAT) to help smaller institutions better evaluate their ability to respond to external threats. 

Amy McHugh, a bank adviser and former IT examination analyst for the Federal Deposit Insurance Corporation (FDIC) explains that the changes give smaller institutions a better opportunity to reach "baseline" regulations from examiners. Listen to the entire interview.

Top 5 Disaster Recovery Testing Best Practices
In a recent abstract, the  Journal of Internet Banking and Commerce reports that nearly 60% of US enterprises don't have IT disaster recovery plans. In their study of 154 financial institutions in the United States they found that it wasn't the size of the institution or the IT budget that determined success, but instead the testing and documentation of their recovery processes. 

According to Journal's study, firms that are considered well-prepared have conducted IT service analysis, provided employee training, selected methods of IT disaster identification and notification, defined backup procedures, determined offsite storage locations, determined recovery procedures, and performed ongoing maintenance.

The following best practices for IT disaster recovery testing can help you prepare for the worst so you are ready to spring into action should disaster strike:

1. Test from your planned backup location, whenever possible. Should your branch be decimated by tornado, flood, or other event your staff must be able to resume business at your alternate site. Enrolled Recovery Solutions clients have access to our mobile banking facility and conduct a "live site" test just as they would in the event of an actual disaster. 

2. Include all essential staff members and backup personnel. Should staff members be unable to perform actual disaster recovery efforts, it's imperative that their roles are covered. Document all duties and responsibilities accordingly. Should pandemic or severe weather render key personnel unable to perform their duties, ensuring you have staff who are competent to step in will be critical to business resumption.

3. Test all critical applications. The FFIEC mandates that testing documentation indicates that your institution can perform all necessary business transactions in the event of disaster. This includes independent communications to your core service provider.

4. Have your testing independently reviewed by a qualified third party. Doing so helps identify gaps so you can create a list of items to correct prior to your next test.

5. Test regularly. The FFIEC requires annual testing. However you may need to test more often. Software updates, personnel changes and other regular business modifications may mean additional tests and changes to documentation.

IT business continuity planning is complex and can be time-consuming, causing a strain on IT departments. For small to mid-size financial institutions, that can be crippling. That's where we come in. Recovery Solutions offers full-service testing services to help your IT staff plan, test, and document test results so that you not only meet FFIEC compliance but feel prepared and well-equipped to deal with a disaster. Contact us today to get started. 
Choosing a Cloud Storage Solution -  What Do You Need to Know?
Your clients count on you to keep their money - and their identity - safe from harm. As an increasing number of financial transactions occur online, the risks to data breach also increase exponentially. By 2019, IT Web estimates that the total cost of data breaches will likely exceed $2.1 trillion.

Having a solid backup and disaster recovery plan will help your institution prevent, prepare for, and recover from IT disasters or natural disasters. When selecting a cloud-based or other backup solution, here are a few questions you may want to ask:
  • Where are their data centers located? Ensuring that they have multiple geographically distributed data centers decreases the risk posed by natural disasters. Ensuring that they have multiple data centers far enough from your location and distributed away from coastlines, flood plains, and other likely targets increases the stability of your data. 
  • Who are their customers? Different backup solutions have different features/benefits. Selecting a provider that caters to the financial industry may mean that they already have an understanding of your business needs, which can save time and offer convenience. It also means they're more likely to meet data security guidelines and compliance.
  • What security & hardware do they use? What security and hardware solutions do they employ? Safe and compatible solutions are a must when backing up your data.
  • Cost - Is their plan scaleable as your institution grows? Find out how their plan works and see what works best to meet your business needs in the future. As your client base grows and more clients utilize online banking, your backup provider will need to be able to accommodate and you'll need to ensure it can be done in a cost-effective manner.
  • Response time - how quickly can your data be restored should disaster strike? Should your data be lost you need to know you can count on them to provide quick response so you can be back up and running as quickly as possible.

Recovery Solutions offers business continuity planning and resumption capabilities, including guidance on selecting cloud or other backup options. Call our experts today for a free consultation!

See Us In Action!

Recovery Solutions planning, testing, and documentation services ensure you are compliant and ready for IT examinations. Here's what one of our clients has to say:

"I wanted to let you know that we are going through our FFIEC IT Exam this week. The examiner was very impressed with the testing report and how thorough everything was. He pointed out how clear it was to see what we tested and he was impressed to see how fast we were able to do it.

I just wanted to say thanks!"

Melinda Shoemaker, CPA
Vice President
Mayville Savings Bank

Let us help you "wow" examiners and make your compliance audits a success. Call today or email us to schedule a private webinar presentation to learn more about Recovery Solutions services!

Recovery Solutions | Phone: 815-577-1999 | Fax: 815-577-1991| Email |