Example Bank Business Continuity / Disaster Recovery Plan
A good continuity plan should incorporate:
- activities to monitor the current risks,
- actions to take prior to an incident to reduce its probability and impact,
- actions to take during an incident to continue operations with reduced staffing, and with constraints imposed by government regulation, and legitimate staff and supplier concerns,
- actions to take after an incident has subsided to resume normal or near-normal operations.
The plan should ensure people know what to do, and where to find the information they need to carry out their tasks. It should not try and contain every detail: such a plan would be impossible to maintain. It should instead refer people to detailed procedures for IT operations, and existing banking procedures.
Note that although historically a disaster recovery plan (or DRP) referred to an IT-specific plan, and a business continuity plan (or BCP) referred to the organization's other activities, with the IT-centric nature of the most organization the distinction has ceased to be useful. In the example plans below we will often use the terms interchangeably.
The example below was generated using PlanBuilder for Business Continuity, a software package that can be used to rapidly create and maintain your business continuity / disaster recovery plan.
Bank Business Continuity Plan Table of Contents
This is the comprehensive table of contents for a typical bank recovery plan produced by the Binomial PlanBuilder for Business Continuity. It contains 1,477 pages. Most banks will choose to omit some of these sections.
For plans for other types of organizations, see Other Example Business Continuity Plans.
Quick Reference (120 pages)
When a disastrous incident occurs, the first question people will ask is What do I do now?. This module helps them find the answer quickly.
1 CALLING 911 2 INCIDENT RESPONSES 2.1 REQUIRING IMMEDIATE RESPONSE 2.1.1 Building Evacuation 2.1.2 Mail: Suspicious Package 2.1.3 Unknown Powder in Workplace 2.1.4 Bomb Threat 2.1.5 Bomb 2.1.6 Explosion 2.1.7 Fire 2.1.8 Break-in 2.1.9 Computer Intrusion 2.1.10 Medical Incident 2.1.11 Weapon Threat 2.1.12 Water Leaking 2.2 REQUIRING SHORT-TERM RESPONSE 2.2.1 Biological Hazards 2.2.2 Blizzards 2.2.3 Computer Failure 2.2.4 Computer Hacking 2.2.5 Computer Viruses 2.2.6 Electrical Storms 2.2.7 Environmental Hazards 2.2.8 Equipment Failure 2.2.9 Flooding 2.2.10 High Winds 2.2.11 Loss of Records 2.2.12 Power Outages 2.2.13 Product Tampering 2.2.14 Storm Advisory 2.2.15 Winter Weather 2.2.16 Workplace Violence 2.3 REQUIRING LONG-TERM PLANNING 2.3.1 Business Location 2.3.2 Earthquakes 2.3.3 Multi-Tenant Facilities 2.3.4 Human Error During Disaster 2.3.5 Hurricanes 2.3.6 Industrial Espionage 2.3.7 Labor Disputes 2.3.8 Loss of Workforce 2.3.9 Negative Publicity 2.3.10 Pandemic 2.3.11 Sick Building Syndrome 2.3.12 Staffing Issues 2.3.13 Succession Planning 2.3.14 Tornadoes 2.3.15 Transport Disruption 2.3.16 White-Collar Crime
Introduction (37 pages)
For those unfamiliar with the methods used in developing a continuity plan, this module provides information on the rationale and methodology used in developing the plan.
1 INTRODUCTION 1.1 PROLOGUE 1.2 CONFIDENTIALITY STATEMENT 1.3 EMERGENCY/DISASTER DEFINED 1.4 PROJECT SCOPE 1.5 OBJECTIVES 1.6 SCOPE OF THE RECOVERY PLAN 1.7 POLICY STATEMENT 1.8 DEFINED SCENARIO 1.9 MANUAL DISTRIBUTION 1.10 MANUAL RECLAMATION 1.11 PLAN REVISION DATE 1.12 DECLARATION INITIATIVES 1.13 PROJECT BACKGROUND 1.14 TEAM CONCEPT 2 REPORT ORGANIZATION 3 PURPOSE OF RECOVERY PLANNING 3.1 TERMS 3.2 INTRODUCTION TO RESPONSE PLANNING 3.3 PURPOSE OF THE PLAN 3.4 PLAN SCOPE 3.4.1 Response Scope 3.4.2 Resource Scope 3.4.3 Incident Scope 3.4.4 Communications Coordination Scope 3.5 RECOVERY OBJECTIVES 3.6 BENEFITS OF A RECOVERY PLAN 3.7 EMERGENCY RESPONSE OBJECTIVES 3.8 STRATEGY 3.8.1 Short-Term Outage - Intra-Day 3.8.2 Medium-Term Outage - Next Day to Six Weeks 3.8.3 Long-Term Outage - 6 Weeks or More 3.8.4 Recovery Phase 3.8.5 Emergency Phase 3.8.6 Back-up Phase 3.9 MANAGEMENT INPUT AND COMMITMENT 3.10 CONCEPT OF OPERATIONS 3.10.1 Emergency Response Organization 3.10.2 Normal Operations 3.10.3 Emergency Operations 3.10.4 Response Teams 3.10.5 Support Teams 3.10.6 Types of Emergencies 3.10.7 Priorities 3.11 ASSUMPTIONS
Preparation (57 pages)
There are many steps that a responsible company can take to prepare for a possible disaster which will reduce the risk, minimize the danger to staff, and reduce disruption to the organization's operations. This module addresses these preparedness issues.
1 PREPARATION 1.1 CRISIS MANAGEMENT 1.2 VULNERABILITY ASSESSMENT 1.3 FIRE PROTECTION 1.4 ELECTRICAL SYSTEMS 1.5 EXISTING DISASTER PREVENTION MEASURES 1.5.1 Measures 1.6 SECURITY 1.6.1 Physical Security 1.6.2 Logical Security 1.6.3 Personnel Security 1.6.4 Travel Security 1.7 INSURANCE 1.7.1 Business Interruption Insurance 1.7.2 Other Coverage 1.7.3 Claims Matters 1.7.4 Conclusion 2 EVENTS & SITUATIONS TO BE CONSIDERED 2.1 NATURAL EVENTS 2.2 HUMAN-CAUSED EVENTS 2.3 TECHNICAL EVENTS 2.4 EQUIPMENT FAILURES 3 COMMUNICATIONS & PUBLIC INFORMATION 3.1 EMERGENCY COMMUNICATIONS 3.2 CRISIS COMMUNICATIONS 3.2.1 Preparations 3.2.2 Communications 3.2.3 Set Responsibilities 3.3 MEDIA RELATIONS 3.3.1 Media Objective 3.3.2 Emergency News Center (ENC) 3.3.3 Understanding The Media 3.3.4 Media Relations in a Disaster 3.3.5 Press Releases 3.3.6 Media Interviews 3.3.7 A Single Spokesperson 3.4 POLICE & FIRE PERSONNEL 3.5 REGULATORY AGENCIES 3.6 SUPPORTING DOCUMENT REFERENCES 4 CUSTOMER SERVICES 4.1 CUSTOMER COMMUNICATIONS 4.1.1 Customer Information 4.1.2 Customer Relations 4.2 COMMUNITY ASSISTANCE 4.3 SUPPORTING DOCUMENT REFERENCES 5 EMPLOYEE SERVICES 5.1 EMPLOYEE COMMUNICATIONS 5.2 FAMILY COMMUNICATIONS 5.3 FAMILY ASSISTANCE 5.4 SUPPORTING DOCUMENT REFERENCES 6 ADMINISTRATION & LOGISTICS 6.1 FOOD & LODGING 6.2 MATERIALS 6.3 EMERGENCY CASH PROCEDURES 6.4 RECORD KEEPING 6.5 SUPPORTING DOCUMENT REFERENCES 7 OUTSIDE ASSISTANCE 7.1 CRITERIA FOR REQUESTING ASSISTANCE 7.2 MUTUAL ASSISTANCE PROGRAM 7.3 RECEIVING OUTSIDE CREWS 7.4 RELEASE OF OUTSIDE CREWS 7.5 POLICE/FIRE ASSISTANCE 7.6 LOCAL GOVERNMENT ASSISTANCE 7.7 FEDERAL ASSISTANCE 7.8 SUPPORTING DOCUMENT REFERENCES
Response (13 pages)
This module discusses the actions that should be taken when during the onset of a disaster.
1 ASSESSMENT 1.1 DISASTER DETECTION AND DETERMINATION 1.2 DISASTER NOTIFICATION 1.3 AREAS THAT SHOULD BE REVIEWED 1.4 WHEN TO ACTIVATE THE PLAN 1.5 WHAT TO DO WHEN A CRISIS ERUPTS 2 RESPONSE 2.1 HOW TO ACTIVATE THE PLAN 2.2 EVACUATION POLICY 2.3 ACTIVATION OF A DESIGNATED HOT SITE 2.4 DISSEMINATION OF PUBLIC INFORMATION 2.5 PROVISION OF SUPPORT SERVICES 3 FOLLOW-UP AND EVALUATION
Recurring Tasks (52 pages)
To ensure that a plan is up to date, meets the organization's needs, and that it can be carried out efficiently by the personnel concerned, it is important that the plan is properly maintained, bank staff are given suitable training, and that parts of the plan are regularly tested.
This module discusses these requirements.
1 EXERCISING THE PLAN 1.1 GENERAL 1.2 EMERGENCY DRILLS 1.3 EXERCISES 1.3.1 Walk-Through Exercise 1.3.2 Functional Exercise 1.3.3 Simulation Exercise 1.3.4 Full-Scale Exercise 1.3.5 Hot-Site Testing 1.4 SCOPE OF THE EXERCISE 1.4.1 Component Exercise 1.4.2 Plan Exercise 1.4.3 Process Exercise 1.4.4 Exercise Description 1.5 EXERCISE FREQUENCY 1.6 EXERCISE RESPONSIBILITY 1.6.1 Exercise Management Team 1.6.2 Application Team(s) 1.7 DATA COLLECTION 1.8 INTERNAL REVIEWS & CRITIQUES 1.8.1 Evaluation 1.8.2 Internal Tracking 1.9 EXTERNAL REVIEWS & CRITIQUES 1.9.1 Schedule 1.9.2 Location 1.9.3 Participants 1.9.4 Agenda 1.9.5 Action Item Tracking 1.9.6 Acknowledgements 1.10 TEST SUGGESTIONS 2 TRAINING 2.1 GENERAL 2.2 WHO SHOULD BE TRAINED 2.3 SPECIFIC FUNCTIONAL TRAINING 2.4 TRAINING PHASES 2.4.1 A Framework For Training Response Teams 2.4.2 Pre-Planning Training & Awareness 2.4.3 Planning Methodology Training 2.4.4 Plan Role & Responsibility 2.4.5 Pre-Exercise Training 2.5 RESPONSE PROCEDURES TRAINING 2.5.1 Purpose 2.5.2 Building Accoutrements 2.5.3 The Human Element 2.6 PRIMARY PROCEDURES FOR EMERGENCY RESPONSE 2.6.1 Fire Procedures 2.6.2 Fire Safety Tips 2.6.3 Bomb Threat & Search Procedures 2.6.4 Evacuation Procedures 2.6.5 Severe Weather 2.6.6 Medical Emergencies 2.7 SUGGESTED SCENARIOS 2.7.1 Technological Accident 2.7.2 Natural Disasters 2.7.3 Business Crises 2.7.4 External Threats/ Other Hazards 2.7.5 External Threats due to Location 2.7.6 Human Factors 2.8 SUPPORTING DOCUMENT REFERENCES 3 MAINTENANCE 3.1 PURPOSE 3.2 MAINTENANCE REASONS 3.3 MAINTENANCE REPORTS 3.4 MAINTENANCE SCHEDULE 3.5 MAINTENANCE LOG 4 AUDITING 4.1 AUDITING THE PLAN 4.2 AUDITING EMERGENCY RESPONSE PLANS 4.2.1 The Plan Manager 4.2.2 Determination of Criticality 4.2.3 Resourcing 4.2.4 Siting of Recovery Facilities 4.3 COPIES OF THE PLAN 4.4 STAFF TRAINING & AWARENESS 4.5 OFF-SITE STORAGE OF DOCUMENTATION 4.6 INTERDEPENDENCIES 4.7 EMERGENCY RESPONSE & RECOVERY 4.8 TESTING & EXERCISES 4.9 MAINTENANCE OF THE PLAN 4.10 DOES THE PLAN MAKE SENSE
Team Tasks (1,104 pages)
To effectively manage disaster planning and bank operations during a disaster, it is desirable to split staff into teams. This module suggests a very complete set of teams and identifies what the team needs to do during the period leading up to, during, and after an incident. For a smaller bank, some of these teams will be merged with each other.
1 MANAGEMENT TEAMS 1.1 EMERGENCY RESPONSE MANAGEMENT TEAM 1.2 STEERING COMMITTEE 2 MANAGEMENT SUPPORT TEAMS 2.1 INCIDENT INFORMATION TEAM 2.2 PLAN DEVELOPMENT TEAM 2.3 SITUATION INSPECTION TEAM 2.4 EXERCISE MANAGEMENT TEAM 3 FUNCTIONAL TEAMS 3.1 FINANCE TEAMS 3.1.1 Finance Team 3.1.2 Payroll Team 3.1.3 Resource Control Team 3.1.4 Billing Team 3.2 COMMUNICATIONS TEAMS 3.2.1 Communications Team 3.2.2 Communications Center Team 3.2.3 Emergency News Center (ENC) 3.3 ADMINISTRATION TEAMS 3.3.1 Administration Team 3.3.2 Supplies Team 3.3.3 Shipping Team 3.3.4 Purchasing/Procurement Team 3.4 SENIOR MANAGEMENT TEAM 3.5 HUMAN RESOURCES TEAM 3.6 LEGAL TEAM 3.7 RISK MANAGEMENT TEAM 3.8 ENVIRONMENTAL HEALTH & SAFETY TEAM 3.9 PHYSICAL SECURITY TEAM 4 OPERATIONAL TEAMS 4.1 CALL CENTER TEAM 4.2 CUSTOMER SUPPORT TEAM 4.3 ORDER ADMINISTRATION TEAM 4.4 ENGINEERING TEAM 4.5 MANUFACTURING/PRODUCTION TEAM 4.6 MARKETING TEAM 4.7 SALES TEAM 4.8 E-BUSINESS TEAM 4.9 RECORDS MANAGEMENT TEAM 4.10 LIBRARY SERVICES TEAM 4.11 FACILITIES/MAINTENANCE TEAM 5 I.T. TEAMS 5.1 Mainframe Teams 5.2 IT BCP Coordination Team 5.3 Desktop Computing Devices Team 5.4 Help Desk Team 5.5 Help Desk Restoration Team 5.6 Off-site Data Storage Retrieval Team 5.7 Network Restoration Team 5.8 Voice Communication Restoration Team 5.9 Server Hardware and Software Team 5.10 Server Room Operations Team 5.11 Data Center Operations Team 5.12 Database Administration Restoration Team 5.13 e-Business Team 5.14 e-Business Restoration Team 5.15 Logical Security Team 5.16 Website Restoration Team 5.17 Failover Team 5.18 Computer Hardware Team 5.19 Computer Software Team 5.20 Computer Operations Team 6 BANK HEADQUARTERS TEAMS 6.1 Finance 6.1.1 Bookkeeping 6.1.2 Proof 6.1.3 Item Processing 6.1.4 General Ledger 6.1.5 Accounts Payable 6.1.6 Asset Liability Management 6.2 Information Technology 6.2.1 Platform Automation 6.2.2 Telecommunications 6.2.3 Audio Response 6.2.4 Client/Server System 6.3 Retail credit unioning 6.3.1 Branch Coordinator 6.3.2 Tellers 6.3.3 New Accounts 6.3.4 Customer Service 6.4 Lending 6.4.1 Consumer 6.4.2 Corporate 6.4.3 Residential Mortgages 6.4.4 Credit Collection 6.5 Operations 6.5.1 ATM's 6.5.2 Wire Transfers 6.5.3 ACH (Automatic Clearing House) 6.5.4 NSF Returns 6.5.5 Clearing Processing 6.6 Capital Markets/Investments/Secondary Markets 7 BANK BRANCH TEAMS 7.1 Retail credit unioning 7.1.1 Branch Coordination 7.1.2 Tellers 7.1.3 New Accounts 7.1.4 Customer Service 7.2 Information Technology 7.2.1 Platform Automation 7.2.2 Telecommunications 7.2.3 Audio Response 7.2.4 Client/Server System 7.3 Operations 7.3.1 ATM's 7.3.2 Wire Transfers 7.3.3 NSF Returns 7.4 Lending 7.4.1 Consumer 7.4.2 Commercial 7.4.3 Residential Mortgages 7.4.4 Credit Collection 7.5 Personnel/Human Resources 8 RESPONSE TEAMS 8.1 Emergency Reaction Team 8.2 Emergency Assessment Team 8.3 Emergency Command Center Coordination Team 8.4 Response Administration Team 8.5 Logistics/Supplies Team 8.6 Response Finance Team 8.7 Call Center Restoration Team 8.8 Facilities/Maintenance Response Team 8.9 Transportation Team 8.10 Services Support Team 8.11 Relocation Team 8.12 Volunteer Coordination Team 9 SALVAGE TEAMS 9.1 Damage Assessment Team 9.2 Records Salvage Team 9.3 Building/Facilities Salvage Team
Key Data (37 pages)
Key data should be readily available to manage the recovery plan. If it is not readily available elsewhere, it should be included in the plan.
1 INTRODUCTION 2 APPLICATIONS 3 BUILDING PLANS 4 COMPANY RECORDS 5 CRITICAL FUNCTIONS 6 EMERGENCY SKILLS 7 HARDWARE 8 ALTERNATIVE WORK SITES 9 INSURANCE POLICIES 10 KEY CUSTOMERS 11 KEY SUPPLIERS 12 OTHER ASSETS 13 SALVAGE EQUIPMENT 14 SOFTWARE 15 SYSTEMS 16 TELEPHONE LIST 17 VEHICLE INFORMATION 18 VITAL INFORMATION
Additional Resources (10 pages)
Planning resources useful in creating and maintaining the plan are mentioned here.
1 BINOMIAL RESOURCES 2 CONTACT CENTRE RESOURCES 3 OTHER RESOURCES 4 ALTERNATE LOCATIONS 5 CONTACT CENTRE VITAL RECORDS 6 CROSS-TRAINING 7 NETWORK DIAGRAMS 8 AREA MAPS 9 KEY HOLDERS 10 EMERGENCY EVACUATION PROCEDURES 11 EVALUATION OF CORPORATE THREATS 12 SITUATION REPORTS 13 ORGANIZATION CHARTS
Appendices (47 pages)
The appendices module provides forms and checklists for use in implementing the plan.
1 RISK PERSPECTIVES 2 INFORMATION CATEGORIES OF URGENCY 3 THE BINOMIAL METHODOLOGY 3.1 CURRENT SITUATION REVIEW & NEEDS ASSESSMENT 3.2 THREATS & VULNERABILITIES 3.3 BUSINESS IMPACT ANALYSIS 3.4 ANALYSIS OF ALTERNATIVE METHODS 3.5 IDENTIFICATION OF KEY APPLICATIONS & PROCESSES 3.6 PREPARATION OF DRAFT PLAN 3.7 TESTING 3.8 PREPARATION OF FINAL PLAN 3.9 TRAINING 3.10 DEVELOPMENT OF MAINTENANCE PROCEDURES 4 PLAN APPROACH 4.1 HAZARDS 5 EMERGENCY COMMAND CENTER 5.1 PURPOSE 5.2 LOCATION 5.3 OBJECTIVES 5.4 ORGANIZATION 5.5 ECC FUNCTIONS 5.6 ECC STAFFING 5.6.1 Command Center Coordinator 5.6.2 Command Support 5.6.3 Information Coordinator 5.6.4 Liaison Coordinator 5.6.5 Safety Coordinator 5.6.6 Medical Coordinator 5.6.7 Facility Coordinator 5.6.8 Policy & Planning 5.6.9 Communications 5.6.10 Logistics 5.6.11 Finance & Administration 5.7 FACILITIES & EQUIPMENT 5.7.1 Facilities 5.7.2 Equipment 5.8 OPERATIONS 5.8.1 Emergency Levels 5.8.2 Operation Phases 5.9 ECC FACILITIES CLOSING 6 FINDINGS AT ACME BANK 6.1 MISSION CRITICAL FUNCTIONS 6.2 WHAT WAS FOUND 6.2.1 Key Business Processes 6.2.2 Our Findings At Acme Company 6.2.3 Preventive Measures In Place 6.3 CONCERNS (EXAMPLE) 6.4 POSSIBLE EXPOSURES SPECIFIC TO ACME BANK 6.5 RECOMMENDATIONS 7 TRAVEL INSTRUCTIONS 7.1 HOT-SITE DIRECTIONS 7.2 OFF-SITE STORAGE DIRECTIONS 7.3 OFF-SITE WORK DIRECTIONS
Preparing Your Plan
This is potentially a lot of information for your bank to create and maintain. It's far easier and more cost-effective to start with a product, such as our comprehensive Binomial PlanBuilder for Business Continuity, which will both enable you to get your plan up and running quickly and make it easier for you to maintain your plan. (For an even quicker start, consider our Binomial JumpStart™ which combines software with on-site training and consulting.
The product pricing compares well with the do-it-yourself alternative. Why not try an evaluation copy and get started on your plan right away?