Your staff is focused on processing PPP loans provided through the CARES Act and working diligently to support your community. In a time like this, your bank can’t afford to experience service disruptions that can potentially cost time, money, and your reputation. Should your system be compromised or experience a shutdown, you need to know how you will be impacted and how your vendor will respond to help you recover. You need to be assured that your core vendor has a strong business continuity plan in place. Getting peace of mind from them just won’t cut it.
In this post, we will discuss how to validate your core vendor’s business continuity plan. Should the unexpected happen, you want to know that your core vendor has a proven plan to safeguard your bank and minimize the impact to your customers.
Validating Your Core Vendor’s Business Continuity Plan
How do you know your core vendor is doing everything possible to make sure you’re protected? To help validate and reinforce your vendor’s business continuity plan, you need to ensure that your vendor has the following:
- Your system is current and updated to protect your bank from cyber attacks. Recently, a big box vendor was running legacy software and they needed to make critical updates to that infrastructure. However, they chose to forgo these updates because they knew it would jeopardize their software system. Ironically, not running the updates left their operating system vulnerable and broke their data center. Cyber attackers were able to take advantage of these vulnerabilities, crippling the banks’ operations and preventing the bank’s customers from being served. Had the correct patches and securities been put in place to protect the systems, this situation could have been avoided.
- A fail safe procedure exists in the event of a natural disaster. Does your core vendor have an effective disaster recovery and business continuity plan? If a natural disaster occurs, how long would it take to recover the data needed to restore operations? During Hurricane Sandy, a big box vendor experienced a shut down, as a result of the storm. Although this vendor had met their own objectives during testing, when put into action, they failed. Unfortunately, they were unable to recover data and it took many days to restore operations. Using, this situation as an example, it’s important to know that your core vendor has a tested procedure with recovery time objectives that are proven to be successful.
- Proper disaster recovery testing is performed, and you are confident with the results. Your vendor tells you they have a business continuity plan and that they’ve handled shutdowns successfully before, but where’s the proof? Often, vendors have a disaster recovery, but when a shutdown occurs, a bank isn't able to use their data after it’s been recovered. Incidents happen, but it’s not the incident that matters as much as the outcome. Ask to see the results. Your vendor will also say they perform tests routinely. Ask if their tests have customer participation, how frequently they are conducted, and, again, what the results were.
Safeguard your bank from potential loss
To protect your bank during times of uncertainty, you need a core vendor with a strong business continuity plan that will protect your bank against the unexpected. Beyond a plan, you need proof that if something does go wrong, your core vendor can respond quickly.
At IBT Apps, our clients are at the forefront of our business continuity plan and we go the extra mile to give them confidence in our decisions. We practice what we preach when it comes to protecting your bank in the event of a disaster because we plan for the unknown.
Here are a few things that set our business continuity plan apart from the industry:
- Our systems are tested and proven. When our nation was experiencing the 2017 natural disaster of Hurricane Harvey, we found it an ideal time to perform our disaster recovery testing. By performing testing during an actual event, it gave us the opportunity to ensure our plan would work as expected. During this testing, we were able to demonstrate complete business continuity both forward and backward. This protected our customers and their third-party vendors.
- Our integrated systems allow for accurate information. Our technology stack is not siloed, so business continuity is maximized by keeping your data consistent across the enterprise. Your data is protected in multiple facilities and on multiple forms of media with special backups made throughout each day. These copies are then removed from internet and network access to further prevent any unauthorized access.
- We offer scheduled onsite visits to our data center. Outside of coronavirus and COVID-19 restrictions, we offer onsite visits to our data center for both prospects and clients. In this visit, they can see the extreme securities we’ve implemented to ensure their data is protected and they feel confident in our decisions.