Western Independent Banker - January/February 2008 - (Page 19)

The Effect of Business Continuity Management on Compliance Programs

By Mark T. Edmead, MBA, CISSP, CISA

Many regulations, such as Sarbanes-Oxley, NYSE 466, and Gramm-Leach-Bliley, require companies to develop, maintain, review and update business continuity and disaster recovery plans. For financial institutions, the proliferation of these regulations means that companies need to implement an integrated approach to business continuity. Compliance with these regulations has elevated the involvement of senior management. It also means that BCM has moved from being an information security concern to being a necessary part of a company's strategic plan.

Recent events, including the September 11 attacks, Hurricane Katrina, SARS, the Avian flu and the Asia tsunami, have caused companies to evaluate how they handle disaster events, and specifically the organization's business continuity and disaster recovery plans.

The business continuity plan (BCP) addresses an organization's ability to continue functioning when normal operations are disrupted. In essence, a business continuity plan incorporates the policies, procedures and practices that, in the event of a disaster or crisis, allow an organization to recover and resume both manual and automated mission-critical processes. In some organizations, the BCP might include other plans such as disaster recovery, end-user recovery, contingency, emergency response, and crisis management. One definition is that the BCP is an all-encompassing term covering both disaster recovery planning and business resumption planning.

The disaster recovery plan (DRP) defines the resources, actions, tasks and data required to manage the business recovery process in the event of a business interruption. The plan is designed to assist a company in restoring the business process within the stated disaster recovery goals.
Specifically, the DRP is used for the advance preparation and planning necessary to minimize the damage caused by the disaster, and it ensures the availability of the organization's critical information systems.

The term business continuity management (BCM) is defined as the development of strategies, plans, and actions that provide protection or alternative modes of operation for activities or business processes which, if interrupted, could cause seriously damaging or potentially fatal loss to the enterprise. BCM is a process that provides a framework to ensure the resilience of your business to any eventuality and to help ensure continuity of service to your key customers. It provides a basis for planning to ensure your long-term survivability following a disruptive event. To put it another way, business continuity management is the development of strategies, plans, and actions which provide protection or alternative modes of operation. For the business continuity plan to be effective, the compromised operation needs to be operational again within the timeframes set by management.

Business continuity management goes beyond the protection of resources from physical damage. It includes the following core elements: crisis management, business resumption planning, and IT disaster recovery planning. Crisis management is the process designed to enable an effective response to an event; when operating in crisis management mode, the goal is to stabilize the situation and prepare the business for recovery operations. Business resumption planning (sometimes called business recovery) involves the recovery of critical business functions. IT disaster recovery addresses the recovery of critical IT assets, including systems, applications, databases, storage, and other network assets.
Financial institutions must not only ensure compliance with regulatory requirements but also effectively communicate policy and regulatory issues to the organization. Training and awareness programs are needed to ensure that everyone knows the risks of non-compliance, not only with regulations but also with the organization's own policies. A successful program depends upon executive endorsement and appropriately motivating personnel to incorporate security, privacy and contingency activities into their job responsibilities.

Mark Edmead is managing partner of MTE Advisors, Inc. in Escondido, Calif., and has over 28 years of experience in the areas of computer systems architecture, information security, project management, and IT and application audits. He can be reached at mark@mteadvisors.com.