Instead, such plans should be living documents. Sullivan and other experts advise credit unions to incorporate these seven steps into their disaster recovery plans:
1. Designate a place to go to restore operations, whether that’s another location or a mobile office brought to your site.
“If you don’t have that,” Sullivan says, “your plan is worth no more than the paper it’s written on.”
2. Plan how to communicate with staff. “Your people are your most important asset,” Sullivan says. “Set up a notification system. Reroute telephone calls or establish a special number staff can call for updates.”
3. Focus on more than the core system.
“The core is about a third of your information technology infrastructure,” says Gary Yeager, vice president of sales for Ongoing Operations, a CUNA Strategic Services alliance provider. “What about the other two-thirds? If you lose connections to third-party vendors, you’re in as much trouble as if you lose your core.”
4. Prioritize applications. Figure out your business-critical applications.
The core will come first, “but from there, opinions differ on the next critical application, and the next,” says Steve Comer, credit union industry manager for Hyland Software. “Prioritizing your applications is key to how quickly your credit union will get back in business.”
5. Consider geography. Locating a disaster recovery site 10 miles away may seem convenient.
But in a natural disaster, “a 10-mile spread won’t help you,” Comer says. “Being in a different state or region of the country is worth thinking about.”
6. Validate backup data. Is the data on your backup tapes any good?
“We’ve had clients send us tapes that contain no valid data,” Comer reports. “Too often credit unions overlook the validation step.”
7. Test your plan. Testing also often lands on the back burner, Sullivan says, but it’s the only way to ensure your recovery plan will work. He notes that some credit unions test by using disaster simulations.
A more basic method is a tabletop exercise in which you “bring in key staff and ask questions,” Sullivan says. “It’s day one, what are you going to do first? What are you going to do next? What will you do on day two? Run those scenarios to see if people are prepared.”
WASHINGTON (5/4/15, UPDATED 1:45 p.m. ET)--Building on the success credit union advocates are having in getting data breach legislation introduced in the U.S. Congress, today CUNA launches a new call to action to garner support for the recently introduced House Data Security Act of 2015 (H.R. 2205).