Business continuity planning booklet homeland security digital. Ndis itinformation security examination workprogram. This booklet rescinds and replaces the previous Business Continuity Planning booklet, which was issued in March 2003, and has been revised to reflect technological and regulatory changes with a focus on management's responsibilities regarding oversight of. FFIEC issues stealth update to BCP handbook Compliance Guru. Apr, 2019 Business Continuity Planning booklet Appendix J. Business continuity planning represents a cyclical, process-oriented approach that includes a business impact analysis (BIA), a risk assessment, risk management, and risk monitoring and testing. Cyber resilience is a particular focus, as are third-party service provider implications. OCC expands on third-party cyber-risks BankInfoSecurity.
Nov 16, 2019 For example, the board and senior management responsibilities section is now titled Business Continuity Management Governance. Mar 12, 2020 The FFIEC released a major update to its Business Continuity Planning booklet, renaming the guidance Business Continuity Management. Validating business continuity plans through testing with the TSP to ensure strong TPRM. Everything you need to know about the FFIEC business continuity booklet and how. While the new BCM booklet does not have all of the detail from Appendix J. It was not until February 2015 that another version of the booklet would be released. BCP addressing cyber-events scenarios, including impact assessment. FFIEC business continuity booklet Avalution Consulting. Aug 29, 2015 FFIEC IT Examination Handbooks Business Continuity Planning booklet, Appendix J. FFIEC Business Continuity Planning booklet Appendix J. The FFIEC business continuity booklet includes an Appendix J addressing the need to strengthen the resilience of outsourced technology services, and the Information Security booklet includes a specific section on oversight of third-party service providers. Financial regulators release new appendix to Business Continuity Planning booklet Appendix J. Business Continuity Planning booklet Appendix J update to. The updated Business Continuity Management (BCM) booklet is a complete overhaul of the 2015 updated BCP booklet, which added the famous Appendix J to strengthening the resilience of outsourced technology services.
Continuity planning business BCP FFIEC IT examination. The Business Continuity Management (BCM) booklet is one in a series of booklets that comprise the Federal Financial Institutions Examination Council (FFIEC) Information Technology Examination Handbook (IT Handbook). Sep 06, 2017 In 2015, the FFIEC released a new appendix to the Business Continuity Planning booklet regarding business continuity for banks. This updated version replaces the February 2015 Business Continuity Planning booklet, as well as rescinds OCC Bulletin 2015-9, FFIEC Information Technology Examination Handbook.
Feb 11, 2016 The FFIEC Business Continuity Planning booklet uses the term resilience almost 100 times, but mostly in the glossary (Appendix B) and in the newest addition, Appendix J, Strengthening the Resilience of Outsourced Technology Services. This appendix to the FFIEC's Business Continuity Planning booklet examines four key elements of BCP that a financial institution should address to ensure they are contracting with technology service providers (TSPs) that are strengthening the resilience of technology services. Appendix J was released by the FFIEC in 2015 as a revision to the Business Continuity Planning booklet which is part of the FFIEC information. The Federal Financial Institutions Examination Council (FFIEC) has issued an appendix to the Business Continuity Planning (BCP) booklet of the FFIEC Information Technology Examination Handbook entitled Strengthening the Resilience of Outsourced Technology Services. The business continuity planning process involves the recovery, resumption, and maintenance of the entire business, not just the technology component. Strengthening the Resilience of Outsourced Technology Services. Background and purpose: many financial institutions depend on third-party service providers to perform or support critical operations. The update included an addition of Appendix J, Strengthening the Resilience of Outsourced Technology Services. FFIEC updates business continuity planning guidance.
The booklet also was designed to provide guidance to financial institutions about the implementation of their business continuity planning processes. Strengthening the Resilience of Outsourced Technology Services. Background and purpose: many financial institutions depend on third-party service providers to perform or support. Although not addressed on this page, additional 2019 Business Continuity Management booklet changes include. A crisis response, information sharing view of FFIEC Appendix J. Strengthening the Resilience of Outsourced Technology Services FCA informational memorandum on threats to information management systems. This appendix to the FFIEC's Business Continuity Planning booklet examines four key elements of BCP that a financial institution should address to ensure they. FFIEC release of updated business continuity planning. A financial institution should be able to demonstrate the ability to recover critical IT systems and resume normal business operations regardless of whether the process is supported in-house or at a TSP for all types of adverse events. In those four months, has your institution begun aligning its business continuity program (BCP) with Appendix J. FFIEC IT Examination Handbooks Business Continuity Planning booklet, Appendix J. These financial institutions should recognize that using such providers.
The FFIEC released a revised Business Continuity Planning (BCP) booklet, which is part of the FFIEC Information Technology Handbook (IT Handbook). The revised booklet provides information for examiners to assess the adequacy of a bank's risk management related to the availability of critical financial products and services. Eliminated the pandemic planning section and integrated the content into the main body of the document. FFIEC issues cyber-resilience guidance BankInfoSecurity. Strengthening the Resilience of Outsourced Technology Services, new appendix for Business Continuity Planning booklet. While the new BCM booklet does not have all of the detail from Appendix J, one can note that the expectations of making third-party management a part of your business continuity process are spread throughout the updated handbook, with the bulk of expectations found in Section IV. Posted on April 6. Specifically, this section provides guidance regarding. The FFIEC's Business Continuity Planning booklet discusses four basic components to business continuity planning. Business Continuity Planning booklet issued in February 2015. The Federal Financial Institutions Examination Council (FFIEC) has released a new appendix, Strengthening the Resilience of Outsourced Technology Services, to the Business Continuity Planning booklet of the FFIEC Information Technology Examination Handbook. FFIEC releases updated Business Continuity Management booklet. The FFIEC revised the Business Continuity Management booklet of its Information Technology Examination Handbook. The change from business continuity planning to business continuity management reflects the changes in customer and industry expectations for the resilience of operations.
Strengthening the Resilience of Outsourced Technology Services highlights that a financial institution's reliance on third-party. Integrated relevant concepts from Appendix J into the main body of the booklet. Strengthening the Resilience of Outsourced Technology Services highlights the fact that a financial institution's reliance on third-party service providers with regard to critical operations does not. In May 2003, the FFIEC issued revised guidance for examiners and financial institutions on business continuity planning. Nevertheless, it appears the core purpose of the updated booklet is to clarify intent and extend the reach of business continuity planning into the realm of recovery of operations following an event.
The BCM booklet describes principles and practices for IT and operations for safety and. The guidelines were included in a new 16-page appendix that was added to the Business Continuity Planning booklet. Vendor risk management and FFIEC Appendix J Venminder. In case you may have missed it, the Federal Financial Institution Examination Council (FFIEC) added a new appendix to their IT booklet for business continuity planning (BCP) earlier this year. Services, new appendix for Business Continuity Planning booklet. FFIEC IT Examination Handbook and third-party risk management. The booklet was titled Business Continuity Planning and focused on. The purpose of this letter is to inform you the Federal Financial Institution Examination Council (FFIEC) issued updated guidance for examiners, credit unions, and technology service providers to identify business continuity risks, evaluate controls, and implement risk management practices for effective business continuity planning. Appendix J was released by the FFIEC in 2015 as a revision to the Business Continuity Planning booklet which is part of the FFIEC Information Technology Examination Handbook. OCC Bulletin 2015-9 announced that the FFIEC has released Appendix J to the Business Continuity Planning booklet of the FFIEC. The new appendix ensures that the booklet aligns with regulatory guidance on third-party relationship risk management and incorporates emerging risks, such as cyber resilience risk concerns. FFIEC updates Business Continuity Planning booklet with Appendix J.
Business Continuity Planning booklet, issued in March 2008. Appendix J of the BCP booklet discusses the following four key elements of BCP that a financial institution should address to ensure that their technology service providers (TSPs) are providing resilient technology services. Sep 06, 2018 Today's topic is a quick dive into FFIEC's Appendix J and how it relates to your vendor risk management program. The appendix highlights that a financial institution's reliance on third-party service providers to perform or support critical operations does not relieve a financial institution of its. FFIEC issues stealth update to BCP handbook. This caught me by surprise as it was not formally announced in the What's New section, but the Appendix J update to the Business Continuity Planning handbook apparently constituted a complete update to the handbook. Appendix J, along with all of the other significant appendices, has now been interwoven into the new November 2019 BCM booklet. Financial regulators release new appendix to business. Strengthening the Resilience of Outsourced Technology Services and was the first guidance published by the FFIEC to directly join the concepts of business continuity and third-party oversight.
Strengthening the Resilience of Outsourced Technology Services. The Federal Financial Institutions Examination Council (FFIEC) members today issued a revised Business Continuity Planning booklet (BCP booklet), which is part of the FFIEC Information Technology Examination Handbook (IT Handbook). Is your institution prepared for such a wide gamut of possibilities. Updated FFIEC Business Continuity Planning booklet tips. This is a refresh and update of certain components previously included in Appendix J, the most recent update to the Business Continuity Planning handbook, issued in February 2015. The Federal Financial Institutions Examination Council (FFIEC) updated the Business Continuity Planning booklet (BCP booklet) by adding a new Appendix J, titled Strengthening the Resilience of Outsourced Technology Services. Strengthening the Resilience of Technology Sources was published in February 2015.
FFIEC Information Technology Examination Handbook OCC. Business Continuity Planning booklet Appendix J update to FFIEC IT Examination Handbook series summary. Strengthening the Resilience of Outsourced Technology Services. Ndis itinformation security examination workprogram 201 CMR 17. The Federal Financial Institutions Examination Council (FFIEC) has issued an appendix to the Business Continuity Planning (BCP) booklet of the FFIEC Information Technology Examination Handbook entitled. The revised booklet replaces the Business Continuity Planning booklet issued in February 2015 and rescinds OCC Bulletin 2015-9, FFIEC Information Technology Examination Handbook. On February 6, the FFIEC added a new Appendix J to its Business Continuity Planning booklet titled Strengthening the Resilience of Outsourced Technology Services guidance which discusses the importance of cyber resilience in light of the increasing sophistication and volume of cyber threats and their ability to disrupt operations and. Licensees are required to follow the requirements outlined in MGL Chapter 93H. From the table of contents to the appendices, the business continuity. In February 2015, the FFIEC released a new appendix to the Business Continuity Planning booklet Appendix J. Pogach, regulatory paralegal The Federal Financial Institutions Examination Council (FFIEC) has revised its Business Continuity Planning booklet with a new appendix entitled, Appendix J. Business Continuity Planning is one of the 11 booklets comprising the FFIEC IT Examination Handbook. The Federal Financial Institutions Examination Council (FFIEC) has issued an appendix to the Business Continuity Planning (BCP) booklet of the.