Home
Client Services
Firm Philosophy
Contact Us
Career Opportunity
Acct Services
Loan Review
Tax
Compliance
EDP
About Us
Newsletter Signup
FBLG Banking News
Banking Library
File Transfers
Salary Survey
Survey Signup
FORTNER, BAYENS, LEVKULICH & GARRISON, P.C.
Certified Public Accountants

Business Resumption Plans and Disaster Recovery Plans Compared and Contrasted

By: Tyler Tobin
Date: 7/30/09
, GSEC/GIAC

Who is responsible for maintaining the Business Resumption and Disaster Recovery Plan at my Bank? What is the difference between the two plans?

There are basic differences between a Business Resumption Plan and a Disaster Recovery Plan. The Disaster Recovery Plan is devoted to information technology coupled with ensuring and supporting business continuity. A well written Business Resumption Plan will identify all key departmental activities, business processes, and positions with process responsibilities. For example, in a financial organization, a Business Resumption Plan would outline the following:

  1. Detailed business objectives.
  2. Procedures to execute the plan.
  3. Priorities for critical vs. non-critical functions.
  4. Customer service
  5. Site relocation (short-term).
  6. Site restoration (long-term).
  7. Required resources such as human, financial, facilities, administrative, and vendor support.

In addition to these areas, financial organizations should clearly define strategies for accounting, commercial and residential lending, audit, branch operations and support, tellers, marketing, investments, trust, bookkeeping, call-center support, credit support, compliance, legal concerns, and loan operations.

A well written Disaster Recovery Plan, by contrast, will identify all key network equipment, software applications, configuration settings, network data files, user operations, hardware requirements, priorities for critical versus non-critical end-user systems (Fedline machines), ecommerce/Internet controls, Intranet controls, security, process automation, backup strategy, access controls, and IT vendor availability. These processes are driven by, and thus follow from, the risks and challenges presented by the Business Resumption Plan.

All too often, responsibility for the maintenance of both types of Plans is assigned to the IT Department. This may seem a logical choice but is it correct? Consider updating the Plans by assigning staff from a number of key departments to contribute to or modify the Plans, and assemble and test all portions of the Plans on a regular basis.