What is resiliency and what does it have to do with my Credit Union disaster recovery plans?

By pure definition, resilience is the ability to become strong, healthy, or successful again after something bad happens.  And when you place it in the context of business continuity planning, it refers to the ability of your Credit Union to be able to adapt to disruptions while maintaining continuous business operations, as well as keeping the damage to your Credit Union’s reputation, assets, and people to a minimum.

The ideal solution for ensuring business continuity resiliency would be to have a “warm” or “hot” secondary data center.  During an event, operations could failover to the backup site and your Credit Union could recover quickly.  However, that solution is not always a practical option for smaller institutions, as it can be very expensive.  An alternative solution to a secondary data center could be to maintain some or all of your systems in a “cloud” solution, such as Ongoing Operations.  With either solution though, third-party vendors (i.e. ATM, online banking, credit card, etc.) are a critical piece of the Disaster Recovery Plan.  Involving third-party vendors in your business continuity planning and testing process can help your resiliency by ensuring they’ll be there when they’re needed most.  But what’s the best way to incorporate your third-party vendors into your plan?

It should start with vendor due-diligence. Your resiliency depends on their resiliency.  Do your vendors have their own business continuity plan?  Do they test on a regular basis?  How fast can they recover from an event?  Their SSAE 16 report will provide you with information about the vendor’s business continuity and disaster recovery plans, and anything else they feel is relevant or significant.  It won’t provide every detail, but at least you’ll know they have contingency plans in place.

Resiliency isn’t built overnight.  The testing of your third-party vendors should be included in your overall disaster recovery testing strategy.  Many Credit Unions only focus their DR testing on the recovery of their core and their ancillary servers, and call it a successful test.  But, are you able to recover those critical third-party connections?  If so, how long will it take?

One approach, depending on the number of third-party vendors you have, would be to slowly incorporate each vendor into your regular DR testing of your core recovery.  Focus on one vendor at a time – don’t schedule to test them all at once.  Be sure to contact the vendor well in advance to coordinate the testing date to ensure they have the appropriate resources available for your test.  And have a clear goal for what you want to test (from a ping test to full connectivity).  Of course, you could break-out testing with each of your third-party vendors into a series of mini-tests, and then conduct one big test that include all of your vendors.  In either approach, it’s very important to document every single detail of the test.  You may discover some obstacles during testing, and that’s alright.  Success very rarely happens without failure.  Just be sure to update and/or make any necessary adjustments to your Disaster Recovery Plan.  Knowing you may have obstacles in advance makes your business continuity plan, your Credit Union, and yourself far more resilient than if you discovered them during an actual event.

Cost-Effective Solutions for Your Credit Union

Simply fill out this form and select the topic(s) that you would like more information for, and our team will reach out shortly.

Medium

Role
I agree to receive marketing communications from Ongoing Operations regarding news, updates, products, etc.(Required)

blank
modal close button

Welcome to the Ongoing Operations blog archive.

For our most up-to-date information, please visit ongoingoperations.com.

HOME