Business Continuity Newsletter
Disaster Recovery Planning - Business Continuity Planning
Software, Consulting and Training
Binomial International
Keeping businesses in business since 1980
31 July 2014 Site Français

Example Bank Business Continuity / Disaster Recovery Plan

A good business continuity plan for a bank should incorporate:

  • activities to monitor the current risks,
  • actions to take prior to an incident to reduce its probability and impact,
  • actions to take during an incident to continue operations with reduced staffing, and with constraints imposed by government regulation, and legitimate staff and supplier concerns,
  • actions to take after an incident has subsided to resume normal or near-normal operations.

The plan should ensure people know what to do, and where to find the information they need to carry out their tasks. It should not try and contain every detail: such a plan would be impossible to maintain. It should instead refer people to detailed procedures for IT operations, and existing banking procedures.

In addition, a bank's business continuity plan has some unique requirements not found in other institutions. (See the article "Why BCP is critical (and different) for banks" for more details.)

Note that although historically a disaster recovery plan (or DRP) referred to an IT-specific plan, and a business continuity plan (or BCP) referred to the organization's other activities, with the IT-centric nature of the most organization the distinction has ceased to be useful. In the example plans below we will often use the terms interchangeably.

The example below was generated using PlanBuilder for Business Continuity, a software package that can be used to rapidly create and maintain your business continuity / disaster recovery plan.

Bank Business Continuity Plan Table of Contents

Watch The Video
( 5 mins, New Window )

This is the comprehensive table of contents for a typical bank recovery plan produced by the Binomial PlanBuilder for Business Continuity. It contains 1,477 pages. Most banks will choose to omit some of these sections.

For plans for other types of organizations, see Other Example Business Continuity Plans.

Quick Reference (120 pages)

When a disastrous incident occurs, the first question people will ask is What do I do now?. This module helps them find the answer quickly.

  1 CALLING 911
  2 INCIDENT RESPONSES
  2.1 REQUIRING IMMEDIATE RESPONSE
  2.1.1 Building Evacuation
  2.1.2 Mail: Suspicious Package
  2.1.3 Unknown Powder in Workplace
  2.1.4 Bomb Threat
  2.1.5 Bomb
  2.1.6 Explosion
  2.1.7 Fire
  2.1.8 Break-in
  2.1.9 Computer Intrusion
  2.1.10 Medical Incident
  2.1.11 Weapon Threat
  2.1.12 Water Leaking
  2.2 REQUIRING SHORT-TERM RESPONSE
  2.2.1 Biological Hazards
  2.2.2 Blizzards
  2.2.3 Computer Failure
  2.2.4 Computer Hacking
  2.2.5 Computer Viruses
  2.2.6 Electrical Storms
  2.2.7 Environmental Hazards
  2.2.8 Equipment Failure
  2.2.9 Flooding
  2.2.10 High Winds
  2.2.11 Loss of Records
  2.2.12 Power Outages
  2.2.13 Product Tampering
  2.2.14 Storm Advisory
  2.2.15 Winter Weather
  2.2.16 Workplace Violence
  2.3 REQUIRING LONG-TERM PLANNING
  2.3.1 Business Location
  2.3.2 Earthquakes
  2.3.3 Multi-Tenant Facilities
  2.3.4 Human Error During Disaster
  2.3.5 Hurricanes
  2.3.6 Industrial Espionage
  2.3.7 Labor Disputes
  2.3.8 Loss of Workforce
  2.3.9 Negative Publicity
  2.3.10 Pandemic
  2.3.11 Sick Building Syndrome
  2.3.12 Staffing Issues
  2.3.13 Succession Planning
  2.3.14 Tornadoes
  2.3.15 Transport Disruption
  2.3.16 White-Collar Crime

Introduction (37 pages)

For those unfamiliar with the methods used in developing a continuity plan, this module provides information on the rationale and methodology used in developing the plan.

  
  1 INTRODUCTION
  1.1 PROLOGUE
  1.2 CONFIDENTIALITY STATEMENT
  1.3 EMERGENCY/DISASTER DEFINED
  1.4 PROJECT SCOPE
  1.5 OBJECTIVES
  1.6 SCOPE OF THE RECOVERY PLAN
  1.7 POLICY STATEMENT
  1.8 DEFINED SCENARIO
  1.9 MANUAL DISTRIBUTION
  1.10 MANUAL RECLAMATION
  1.11 PLAN REVISION DATE
  1.12 DECLARATION INITIATIVES
  1.13 PROJECT BACKGROUND
  1.14 TEAM CONCEPT
  2 REPORT ORGANIZATION
  3 PURPOSE OF RECOVERY PLANNING
  3.1 TERMS
  3.2 INTRODUCTION TO RESPONSE PLANNING
  3.3 PURPOSE OF THE PLAN
  3.4 PLAN SCOPE
  3.4.1 Response Scope
  3.4.2 Resource Scope
  3.4.3 Incident Scope
  3.4.4 Communications Coordination Scope
  3.5 RECOVERY OBJECTIVES
  3.6 BENEFITS OF A RECOVERY PLAN
  3.7 EMERGENCY RESPONSE OBJECTIVES
  3.8 STRATEGY
  3.8.1 Short-Term Outage - Intra-Day
  3.8.2 Medium-Term Outage - Next Day to Six Weeks
  3.8.3 Long-Term Outage - 6 Weeks or More
  3.8.4 Recovery Phase
  3.8.5 Emergency Phase
  3.8.6 Back-up Phase
  3.9 MANAGEMENT INPUT AND COMMITMENT
  3.10 CONCEPT OF OPERATIONS
  3.10.1 Emergency Response Organization
  3.10.2 Normal Operations
  3.10.3 Emergency Operations
  3.10.4 Response Teams
  3.10.5 Support Teams
  3.10.6 Types of Emergencies
  3.10.7 Priorities
  3.11 ASSUMPTIONS

Preparation (57 pages)

There are many steps that a responsible company can take to prepare for a possible disaster which will reduce the risk, minimize the danger to staff, and reduce disruption to the organization's operations. This module addresses these preparedness issues.

  1 PREPARATION
  1.1 CRISIS MANAGEMENT
  1.2 VULNERABILITY ASSESSMENT
  1.3 FIRE PROTECTION
  1.4 ELECTRICAL SYSTEMS
  1.5 EXISTING DISASTER PREVENTION MEASURES
  1.5.1 Measures
  1.6 SECURITY
  1.6.1 Physical Security
  1.6.2 Logical Security
  1.6.3 Personnel Security
  1.6.4 Travel Security
  1.7 INSURANCE
  1.7.1 Business Interruption Insurance
  1.7.2 Other Coverage
  1.7.3 Claims Matters
  1.7.4 Conclusion
  2 EVENTS & SITUATIONS TO BE CONSIDERED
  2.1 NATURAL EVENTS
  2.2 HUMAN-CAUSED EVENTS
  2.3 TECHNICAL EVENTS
  2.4 EQUIPMENT FAILURES
  3 COMMUNICATIONS & PUBLIC INFORMATION
  3.1 EMERGENCY COMMUNICATIONS
  3.2 CRISIS COMMUNICATIONS
  3.2.1 Preparations
  3.2.2 Communications
  3.2.3 Set Responsibilities
  3.3 MEDIA RELATIONS
  3.3.1 Media Objective
  3.3.2 Emergency News Center (ENC)
  3.3.3 Understanding The Media
  3.3.4 Media Relations in a Disaster
  3.3.5 Press Releases
  3.3.6 Media Interviews
  3.3.7 A Single Spokesperson
  3.4 POLICE & FIRE PERSONNEL
  3.5 REGULATORY AGENCIES
  3.6 SUPPORTING DOCUMENT REFERENCES
  4 CUSTOMER SERVICES
  4.1 CUSTOMER COMMUNICATIONS
  4.1.1 Customer Information
  4.1.2 Customer Relations
  4.2 COMMUNITY ASSISTANCE
  4.3 SUPPORTING DOCUMENT REFERENCES
  5 EMPLOYEE SERVICES
  5.1 EMPLOYEE COMMUNICATIONS
  5.2 FAMILY COMMUNICATIONS
  5.3 FAMILY ASSISTANCE
  5.4 SUPPORTING DOCUMENT REFERENCES
  6 ADMINISTRATION & LOGISTICS
  6.1 FOOD & LODGING
  6.2 MATERIALS
  6.3 EMERGENCY CASH PROCEDURES
  6.4 RECORD KEEPING
  6.5 SUPPORTING DOCUMENT REFERENCES
  7 OUTSIDE ASSISTANCE
  7.1 CRITERIA FOR REQUESTING ASSISTANCE
  7.2 MUTUAL ASSISTANCE PROGRAM
  7.3 RECEIVING OUTSIDE CREWS
  7.4 RELEASE OF OUTSIDE CREWS
  7.5 POLICE/FIRE ASSISTANCE
  7.6 LOCAL GOVERNMENT ASSISTANCE
  7.7 FEDERAL ASSISTANCE
  7.8 SUPPORTING DOCUMENT REFERENCES

Response (13 pages)

This module discusses the actions that should be taken when during the onset of a disaster.

  
  1 ASSESSMENT
  1.1 DISASTER DETECTION AND DETERMINATION
  1.2 DISASTER NOTIFICATION
  1.3 AREAS THAT SHOULD BE REVIEWED
  1.4 WHEN TO ACTIVATE THE PLAN
  1.5 WHAT TO DO WHEN A CRISIS ERUPTS
  2 RESPONSE
  2.1 HOW TO ACTIVATE THE PLAN
  2.2 EVACUATION POLICY
  2.3 ACTIVATION OF A DESIGNATED HOT SITE
  2.4 DISSEMINATION OF PUBLIC INFORMATION
  2.5 PROVISION OF SUPPORT SERVICES
  3 FOLLOW-UP AND EVALUATION

Recurring Tasks (52 pages)

To ensure that a plan is up to date, meets the organization's needs, and that it can be carried out efficiently by the personnel concerned, it is important that the plan is properly maintained, bank staff are given suitable training, and that parts of the plan are regularly tested.

This module discusses these requirements.

  1 EXERCISING THE PLAN
  1.1 GENERAL
  1.2 EMERGENCY DRILLS
  1.3 EXERCISES
  1.3.1 Walk-Through Exercise
  1.3.2 Functional Exercise
  1.3.3 Simulation Exercise
  1.3.4 Full-Scale Exercise
  1.3.5 Hot-Site Testing
  1.4 SCOPE OF THE EXERCISE
  1.4.1 Component Exercise
  1.4.2 Plan Exercise
  1.4.3 Process Exercise
  1.4.4 Exercise Description
  1.5 EXERCISE FREQUENCY
  1.6 EXERCISE RESPONSIBILITY
  1.6.1 Exercise Management Team
  1.6.2 Application Team(s)
  1.7 DATA COLLECTION
  1.8 INTERNAL REVIEWS & CRITIQUES
  1.8.1 Evaluation
  1.8.2 Internal Tracking
  1.9 EXTERNAL REVIEWS & CRITIQUES
  1.9.1 Schedule
  1.9.2 Location
  1.9.3 Participants
  1.9.4 Agenda
  1.9.5 Action Item Tracking
  1.9.6 Acknowledgements
  1.10 TEST SUGGESTIONS
  2 TRAINING
  2.1 GENERAL
  2.2 WHO SHOULD BE TRAINED
  2.3 SPECIFIC FUNCTIONAL TRAINING
  2.4 TRAINING PHASES
  2.4.1 A Framework For Training Response Teams
  2.4.2 Pre-Planning Training & Awareness
  2.4.3 Planning Methodology Training
  2.4.4 Plan Role & Responsibility
  2.4.5 Pre-Exercise Training
  2.5 RESPONSE PROCEDURES TRAINING
  2.5.1 Purpose
  2.5.2 Building Accoutrements
  2.5.3 The Human Element
  2.6 PRIMARY PROCEDURES FOR EMERGENCY RESPONSE
  2.6.1 Fire Procedures
  2.6.2 Fire Safety Tips
  2.6.3 Bomb Threat & Search Procedures
  2.6.4 Evacuation Procedures
  2.6.5 Severe Weather
  2.6.6 Medical Emergencies
  2.7 SUGGESTED SCENARIOS
  2.7.1 Technological Accident
  2.7.2 Natural Disasters
  2.7.3 Business Crises
  2.7.4 External Threats/ Other Hazards
  2.7.5 External Threats due to Location
  2.7.6 Human Factors
  2.8 SUPPORTING DOCUMENT REFERENCES
  3 MAINTENANCE
  3.1 PURPOSE
  3.2 MAINTENANCE REASONS
  3.3 MAINTENANCE REPORTS
  3.4 MAINTENANCE SCHEDULE
  3.5 MAINTENANCE LOG
  4 AUDITING
  4.1 AUDITING THE PLAN
  4.2 AUDITING EMERGENCY RESPONSE PLANS
  4.2.1 The Plan Manager
  4.2.2 Determination of Criticality
  4.2.3 Resourcing
  4.2.4 Siting of Recovery Facilities
  4.3 COPIES OF THE PLAN
  4.4 STAFF TRAINING & AWARENESS
  4.5 OFF-SITE STORAGE OF DOCUMENTATION
  4.6 INTERDEPENDENCIES
  4.7 EMERGENCY RESPONSE & RECOVERY
  4.8 TESTING & EXERCISES
  4.9 MAINTENANCE OF THE PLAN
  4.10 DOES THE PLAN MAKE SENSE

Team Tasks (1,104 pages)

To effectively manage disaster planning and bank operations during a disaster, it is desirable to split staff into teams. This module suggests a very complete set of teams and identifies what the team needs to do during the period leading up to, during, and after an incident. For a smaller bank, some of these teams will be merged with each other.

  1 MANAGEMENT TEAMS
  1.1 EMERGENCY RESPONSE MANAGEMENT TEAM
  1.2 STEERING COMMITTEE
  2 MANAGEMENT SUPPORT TEAMS
  2.1 INCIDENT INFORMATION TEAM
  2.2 PLAN DEVELOPMENT TEAM
  2.3 SITUATION INSPECTION TEAM
  2.4 EXERCISE MANAGEMENT TEAM
  3 FUNCTIONAL TEAMS
  3.1 FINANCE TEAMS
  3.1.1 Finance Team
  3.1.2 Payroll Team
  3.1.3 Resource Control Team
  3.1.4 Billing Team
  3.2 COMMUNICATIONS TEAMS
  3.2.1 Communications Team
  3.2.2 Communications Center Team
  3.2.3 Emergency News Center (ENC)
  3.3 ADMINISTRATION TEAMS
  3.3.1 Administration Team
  3.3.2 Supplies Team
  3.3.3 Shipping Team
  3.3.4 Purchasing/Procurement Team
  3.4 SENIOR MANAGEMENT TEAM
  3.5 HUMAN RESOURCES TEAM
  3.6 LEGAL TEAM
  3.7 RISK MANAGEMENT TEAM
  3.8 ENVIRONMENTAL HEALTH & SAFETY TEAM
  3.9 PHYSICAL SECURITY TEAM
  4 OPERATIONAL TEAMS
  4.1 CALL CENTER TEAM
  4.2 CUSTOMER SUPPORT TEAM
  4.3 ORDER ADMINISTRATION TEAM
  4.4 ENGINEERING TEAM
  4.5 MANUFACTURING/PRODUCTION TEAM
  4.6 MARKETING TEAM
  4.7 SALES TEAM
  4.8 E-BUSINESS TEAM
  4.9 RECORDS MANAGEMENT TEAM
  4.10 LIBRARY SERVICES TEAM
  4.11 FACILITIES/MAINTENANCE TEAM
  5 I.T. TEAMS
  5.1 Mainframe Teams
  5.2 IT BCP Coordination Team
  5.3 Desktop Computing Devices Team
  5.4 Help Desk Team
  5.5 Help Desk Restoration Team
  5.6 Off-site Data Storage Retrieval Team
  5.7 Network Restoration Team
  5.8 Voice Communication Restoration Team
  5.9 Server Hardware and Software Team
  5.10 Server Room Operations Team
  5.11 Data Center Operations Team
  5.12 Database Administration Restoration Team
  5.13 e-Business Team
  5.14 e-Business Restoration Team
  5.15 Logical Security Team
  5.16 Website Restoration Team
  5.17 Failover Team
  5.18 Computer Hardware Team
  5.19 Computer Software Team
  5.20 Computer Operations Team
  6 BANK HEADQUARTERS TEAMS
  6.1 Finance
  6.1.1 Bookkeeping
  6.1.2 Proof
  6.1.3 Item Processing
  6.1.4 General Ledger
  6.1.5 Accounts Payable
  6.1.6 Asset Liability Management
  6.2 Information Technology
  6.2.1 Platform Automation
  6.2.2 Telecommunications
  6.2.3 Audio Response
  6.2.4 Client/Server System
  6.3 Retail  credit unioning
  6.3.1 Branch Coordinator
  6.3.2 Tellers
  6.3.3 New Accounts
  6.3.4 Customer Service
  6.4 Lending
  6.4.1 Consumer
  6.4.2 Corporate
  6.4.3 Residential Mortgages
  6.4.4 Credit Collection
  6.5 Operations
  6.5.1 ATM's
  6.5.2 Wire Transfers
  6.5.3 ACH (Automatic Clearing House)
  6.5.4 NSF Returns
  6.5.5 Clearing Processing
  6.6 Capital Markets/Investments/Secondary Markets
  7 BANK BRANCH TEAMS
  7.1 Retail  credit unioning
  7.1.1 Branch Coordination
  7.1.2 Tellers
  7.1.3 New Accounts
  7.1.4 Customer Service
  7.2 Information Technology
  7.2.1 Platform Automation
  7.2.2 Telecommunications
  7.2.3 Audio Response
  7.2.4 Client/Server System
  7.3 Operations
  7.3.1 ATM's
  7.3.2 Wire Transfers
  7.3.3 NSF Returns
  7.4 Lending
  7.4.1 Consumer
  7.4.2 Commercial
  7.4.3 Residential Mortgages
  7.4.4 Credit Collection
  7.5 Personnel/Human Resources
  8 RESPONSE TEAMS
  8.1 Emergency Reaction Team
  8.2 Emergency Assessment Team
  8.3 Emergency Command Center Coordination Team
  8.4 Response Administration Team
  8.5 Logistics/Supplies Team
  8.6 Response Finance Team
  8.7 Call Center Restoration Team
  8.8 Facilities/Maintenance Response Team
  8.9 Transportation Team
  8.10 Services Support Team
  8.11 Relocation Team
  8.12 Volunteer Coordination Team
  9 SALVAGE TEAMS
  9.1 Damage Assessment Team
  9.2 Records Salvage Team
  9.3 Building/Facilities Salvage Team

Key Data (37 pages)

Key data should be readily available to manage the recovery plan. If it is not readily available elsewhere, it should be included in the plan.

  1 INTRODUCTION
  2 APPLICATIONS
  3 BUILDING PLANS
  4 COMPANY RECORDS
  5 CRITICAL FUNCTIONS
  6 EMERGENCY SKILLS
  7 HARDWARE
  8 ALTERNATIVE WORK SITES
  9 INSURANCE POLICIES
  10 KEY CUSTOMERS
  11 KEY SUPPLIERS
  12 OTHER ASSETS
  13 SALVAGE EQUIPMENT
  14 SOFTWARE
  15 SYSTEMS
  16 TELEPHONE LIST
  17 VEHICLE INFORMATION
  18 VITAL INFORMATION

Additional Resources (10 pages)

Planning resources useful in creating and maintaining the plan are mentioned here.

  1 BINOMIAL RESOURCES
  2 CONTACT CENTRE RESOURCES
  3 OTHER RESOURCES
  4 ALTERNATE LOCATIONS
  5 CONTACT CENTRE VITAL RECORDS
  6 CROSS-TRAINING
  7 NETWORK DIAGRAMS
  8 AREA MAPS
  9 KEY HOLDERS
  10 EMERGENCY EVACUATION PROCEDURES
  11 EVALUATION OF CORPORATE THREATS
  12 SITUATION REPORTS
  13 ORGANIZATION CHARTS

Appendices (47 pages)

The appendices module provides forms and checklists for use in implementing the plan.

  1 RISK PERSPECTIVES
  2 INFORMATION CATEGORIES OF URGENCY
  3 THE BINOMIAL METHODOLOGY
  3.1 CURRENT SITUATION REVIEW & NEEDS ASSESSMENT
  3.2 THREATS & VULNERABILITIES
  3.3 BUSINESS IMPACT ANALYSIS
  3.4 ANALYSIS OF ALTERNATIVE METHODS
  3.5 IDENTIFICATION OF KEY APPLICATIONS & PROCESSES
  3.6 PREPARATION OF DRAFT PLAN
  3.7 TESTING
  3.8 PREPARATION OF FINAL PLAN
  3.9 TRAINING
  3.10 DEVELOPMENT OF MAINTENANCE PROCEDURES
  4 PLAN APPROACH
  4.1 HAZARDS
  5 EMERGENCY COMMAND CENTER
  5.1 PURPOSE
  5.2 LOCATION
  5.3 OBJECTIVES
  5.4 ORGANIZATION
  5.5 ECC FUNCTIONS
  5.6 ECC STAFFING
  5.6.1 Command Center Coordinator
  5.6.2 Command Support
  5.6.3 Information Coordinator
  5.6.4 Liaison Coordinator
  5.6.5 Safety Coordinator
  5.6.6 Medical Coordinator
  5.6.7 Facility Coordinator
  5.6.8 Policy & Planning
  5.6.9 Communications
  5.6.10 Logistics
  5.6.11 Finance & Administration
  5.7 FACILITIES & EQUIPMENT
  5.7.1 Facilities
  5.7.2 Equipment
  5.8 OPERATIONS
  5.8.1 Emergency Levels
  5.8.2 Operation Phases
  5.9 ECC FACILITIES CLOSING
  6 FINDINGS AT ACME BANK
  6.1 MISSION CRITICAL FUNCTIONS
  6.2 WHAT WAS FOUND
  6.2.1 Key Business Processes
  6.2.2 Our Findings At Acme Company
  6.2.3 Preventive Measures In Place
  6.3 CONCERNS (EXAMPLE)
  6.4 POSSIBLE EXPOSURES SPECIFIC TO ACME BANK
  6.5 RECOMMENDATIONS
  7 TRAVEL INSTRUCTIONS
  7.1 HOT-SITE DIRECTIONS
  7.2 OFF-SITE STORAGE DIRECTIONS
  7.3 OFF-SITE WORK DIRECTIONS

Preparing Your Plan

Watch The Video
( 5 mins, New Window )

This is potentially a lot of information for your bank to create and maintain.

You may find it easier and more cost-effective to start with our Binomial PlanBuilder for Business Continuity, which will both enable you to get your plan up and running quickly and make it easier for you to maintain your plan. (For an even quicker start, consider our Binomial JumpStart™ which combines software with on-site training and consulting.

The product pricing compares well with the do-it-yourself alternative. Why not try an evaluation copy and get started on your plan right away?