You’ve probably read it somewhere. Someone has probably told you. Chances are, you know that your credit union needs a business continuity plan, but you don’t remember exactly where you first heard it.
Business continuity plans are necessary, robust plans of action. They help businesses like credit unions recover from interruptions, setbacks, and disasters. So, what does the business continuity cycle look like for credit unions?
Business continuity plans identify potential risks and then outline processes designed to restore service and operations. But credit unions have so much to keep track of. It can be tough to know where to start.
This look at the business continuity cycle should help you stay on course.
Business Impact Analysis (BIA) Report
In this first stage, you have to take a close look at your business processes. Rank them in order: critical, vital, important, and necessary non-essential processes.
Whichever processes are most crucial should be privileged in any plan. That’s where you start.
(Curious to learn more about credit union business impact analyses? This blog can get you started.)
Threat Assessment and Financial Impact Analysis
Your threat assessment and financial impact analysis come after the business impact analysis report. Now that you’ve got your priorities straight from the report, you can begin evaluating particulars. Your BCP plans will be built around these two things.
Threat assessment is when you figure out the likelihood of a threat occurring and the impact it will have on your business. The financial impact analysis helps determine what kind of effect any threat will have on your bottom line.
At this level, you can start seeing pathways for strategic planning. Depending on your credit union’s goals, you might adjust your plans to compensate. For example, if your credit union’s goal is to grow or maintain a strong loan portfolio, then you need to ensure that your lending platform and channels are prioritized during any recovery processes.
Disaster Recovery Testing
Part of exercising your business continuity plan is making sure that it works. Your credit union’s plan should include a disaster recovery plan, which will outline what steps you need to take in order to get network infrastructure and systems back online after some type of catastrophe.
But all the planning in the world doesn’t add up to much if your plans are unrealistic or faulty. That’s why you have to test those plans. You need to know that you can recover your most critical functions in an acceptable amount of time.
If your credit union’s disaster recovery plans don’t hold up to testing, then it’s time to make adjustments.
One very helpful tool in business continuity plan exercising testing is the tabletop exercise. Tabletop exercises are walk-throughs of specific scenarios. Participants go through each step necessary to managing that event.
Update, Update, Update
After you’ve done your analyses, assessments, planning, testing, and table-top exercising, you’re free!
Free to update your analyses, assessments, plans, and so forth, that is. If not everything ran smoothly, this is your opportunity to shore up any weaknesses. If everything did run smoothly, then this is your chance to make it even better and more comprehensive.
Once you’ve made some changes, then you know what to do!
(Run it back. Test them again.)
In this stage, you should also double check your contact information. Do you know the phone numbers and email addresses of all your staff members? How about your vendors? Is all that information up to date? These are the people you’ll be relying on in a pinch, so you’d better know how to get in touch with them.
Ongoing Operations helps credit unions develop, test, and maintain business continuity plans. We’re more than happy to discuss your BCP questions or challenges. Simply fill out this short form and we’ll be in touch!
If you’d like to read more about credit union business continuity planning, disaster recovery, business impact analysis, or things of that nature, you should subscribe to our blog! We also cover topics such as cybersecurity, credit union cloud, managed infrastructure, and more.
Or, if you want to see a couple more pieces aimed specifically toward the topic at hand, check out our quick guide to NCUA BCP requirements, or follow the links below.