Credit Union Business Continuity Test

Business Continuity TestOngoing Operations conducts hundreds of Business Continuity Tests for Credit Unions every year. Our tests are designed to be much more realistic than testing from 10 or 15 years ago. Business Continuity Testing can be very complex and should be taken in intervals. If you have never conducted Business Continuity Tests before we recommend following a five step program to gradually increase the scope and complexity of the test.

The process follows five key Areas:

  1. Process – Start with making sure you do a tabletop exercise first. This ensures your staff have a basic understanding of the recovery process. Credit Unions can have hundreds of business processes so this is a key step.
  2. Systems – Have your IT Department recover servers, data, and telecom independently of the rest of the organization. Make sure they can meet established RPO and RTO objectives.
  3. Combine Process and Systems – Conduct a Business Continuity Test that combines the human and technology elements into one Test. This will be much harder and is a significant step forward in your testing process.
  4. Improve on Step 3 by adding realism to the scenario and complexity by simulating what would really happen in a disaster
  5. Move to Live – Conduct a full failover and failback using your recovery solutions. Very few clients ever get to this as it does include some risk and can be disruptive. However it is the best way to validate and establish expectations for a real event.

Outside of the 5 step process above – each test that Ongoing Operations conducts is designed to accomplish ten key criteria. Ongoing Operations will present our Standard Scope of Work for a Credit Union Business Continuity test and then will work with the client to tailor it for your specific requirements. The Ongoing Operations testing methodology is designed to accomplish the following:

Ten Key Goals

  1. Validate your Business Impact Analysis
  2. Improve your Crisis Management Plan
  3. Validate you can meet your RPO’s (Recovery Point Objectives)
  4. Validate you can meet your RTO’s (Recovery Time Objectives)
  5. Establish standard Recovery Procedures (in case you are gone in a disaster)
  6. Determine if your Telecommunication plan can handle your disaster scenario
  7. Determine if you can connect to critical third party providers (Connector)
  8. Uncover problems or flaws in your Business Continuity Program
  9. Train your IT Department and Organization on your Business Continuity Solution
  10. Establish confidence and value with the solutions you have purchased

Click here for FFIEC guidelines on Testing:

 

In general we find it takes a few hours of effort to properly scope and design the test. The actual business continuity test can take up to two full days depending on the depth. Many of our clients test multiple times in a year.

Are you looking for ways to engage your staff in your business continuity program? Are you looking for ways to improve your Business Continuity solution?