Friday, November 15, 2019

Revised FFIEC Business Continuity Planning Guidance

The updated document is on FFIEC's Web site under IT booklets here.

This is a much tighter, more concise document with some long-overdue improvements:
  • Overall language and terminology have been modernized
    • Business Continuity Management (BCM) vs. Business Continuity Planning (BCP)
    • Cloud services and virtualization are things!
  • The governance section lays out board and management roles more clearly
  • Risk Management takes center stage
    • Pointers on how to align BCM practices and Risk appetite
  • BCP/DR Testing -- clear distinctions between DR testing for information systems and tabletop/BCP exercises
  • Event Management and Incident Response are addressed separately and in detail
  • Appendix J is rolled up into the main body of the document under the Resilience section -- includes Third Party and Cyber resilience
If you need help incorporating the updated guidelines into your BCM (or BCP) program, give us a call at (717) 256-1865 or send email to