ERP's Business Continuity Program is developed to assist customer organizations in managing a serious disruptive crisis in a controlled and structured manner. Business Continuity Planning is a key part of ERP's ISMS and is of the three-part umbrella encompassing an organization’s Business Continuity Management Program: Business Continuity Planning, Disaster Recovery and Incident Response.
A Business Continuity Plan should support the enterprise-wide recovery of critical systems and must include a Business Impact Analysis (BIA), evaluation of strategy alternatives, development of business continuity plans for key business functions, and incorporation of critical and essential business functions for your Business Continuity Program.
ERP utilizes guidance from ISO 27001:2013 standard along with other industry best practices to develop a comprehensive living document to support proactive measures to mitigate disruptive events that aligns with the credit union’s strategic goals and objectives in addition to remaining compliant with regulations to safeguard member, employee and organization information, products and services.
ERP.Aero applies an industry-standard proejct methodology approach comprised of the following five project phases:
1) Assessment
This is the identification phase of the engagement. ERP works with management and departments to assess critical functions, essential staffing, systems requirements and other aspects for recovery after a disaster event. ERP also reviews existing Business Continuity Plans to identify gaps or recovery strategy alternatives and delivers a summary “Trip Report” to the client.
2) Architecture
After reviewing the Trip Report with the client, CastleGarde develops the Business Impact Analysis (BIA), Critical Prioritization Matrix and Risk Analysis; the framework for the full Business Continuity Plan (BCP). These critical components identify the resiliency planning, mitigation controls and impacts of a contingency event on an organization. Once the BIA and Risk Analysis are reviewed, CastleGarde begins development of the full BCP.
3) Implementation
CastleGarde works with the client to develop, validate and implement the enterprise-wide Business Continuity Plan utilizing the framework developed in the BIA. A final, editable version of the BCP is then delivered to the client after all draft revisions are completed.
4) Management
Managing the BCP after implementation includes an annual BCP Table Top Exercise lead by CastleGarde with the BCP Team and other Management Team members that meets FFIEC and NCUA regulatory guidance. The Tabletop can be contracted as an onsite or remote exercise based on client needs. Following the BCP Table Top Exercise a final report analysis with any identified outcomes and a recovery rating completes the engagement.
5) Maintenance
CastleGarde offers the option to contract for Annual Maintenance of the Business Continuity Plan to ensure the Credit Union maintains the plan according to regulatory guidance and changes.