Jump to main content

Business Continuity, Disaster Recovery, and Business Resiliency...Now, more than ever!

Business Continuity Management: What is it and why does it matter?

Business continuity management is a critical process that businesses have in place to help prevent and, if necessary, recover from potential threats to a company.

Key components of business continuity management include:

  1. Governance – Your credit union’s board members, senior management team, and internal audit committee
  2. Risk Management – Includes your business impact analysis (BIA) and risk assessment
  3. Business Continuity Strategies – Consisting of eight resilience categories and communication protocols
  4. Business Continuity Plan – Event management, continuity and recovery, facilities and infrastructure, payments systems, liquidity considerations, and other components (incident response, disaster recovery, and crisis or emergency management)
  5. Training Program for Stakeholders – Exercises, current risks, future risks, recent failures, new programs and technologies, organizational changes, and previous (exercise) lessons learned
  6. Exercises and Tests – Ongoing programs, policies, strategies, objectives, plans, scenarios, methods, industry-related exercises and resilience, third-party service provider testing, core service provider testing, and post-exercise and post-test actions for continuous improvement of your business continuity plan
  7. Maintenance and Improvement – Annual or bi-annual review and update to your existing business continuity program
  8. Board Reporting – Expectations that management is regularly monitoring business continuity and resilience activities, and that the board is providing credible challenges to management

A full breakdown of business continuity management, in relation to the credit union industry, can be found in the Federal Financial Institutions Examination Council’s (FFIEC) Business Continuity Management IT booklet.

Business Continuity Planning: Where do I start?

If you have never developed a business continuity plan, it may seem like a daunting task. Luckily, there are many resources available to credit unions, and many personnel willing to provide samples of their plans to use as a starting point. To help, we have categorized and listed some questions to consider when developing your business continuity plan.

Disaster Recovery and Its Important, Collaborative Role in Relation to Business Continuity

Contrary to popular belief, disaster recovery and business continuity are not the exact same process/procedure. Although they do go hand in hand, disaster recovery is only one piece of the pie. In fact, FFIEC defines it as an “other component” involved in the business continuity plan. The key difference between disaster recovery and business continuity is when the plan goes into effect. Business continuity is preparation before, during, and after the event, whereas disaster recovery only comes into play post-event.

Disaster recovery involves the restoring of your credit union’s IT infrastructure, data, and systems. A common goal of disaster recovery is to help a business back on its feet and operating as close to normal, with as minimal disruptions as possible, post-disaster.

Get Answers to Your Disaster Recovery Questions

Business Resiliency: The next phase of business continuity

Much like business continuity, business resiliency follows similar processes and procedures that help credit unions survive and thrive over unexpected threats. In November 2019, FFIEC updated the name of their business continuity planning document to “Business Continuity Management,” in order to better reflect the importance of "resiliency.”

Resilience, by definition, means “The capacity to recover quickly from difficulties; toughness.” Business resiliency designs and architect systems using business continuity principles to avoid recovery. This results in a resilient systems and stronger response to threats that occur, rather than scrambling to clean up after the fact. Business resiliency helps credit unions maintain business operations as normal, but with advanced technology, security, staff training, and proficiency in the face of unexpected disasters.

Learn More About Business Resiliency