Header:
KANSAS ADMINISTRATIVE REGULATIONS
AGENCY 121 DEPARTMENT OF CREDIT UNIONS
ARTICLE 2. BUSINESS RECOVERY--CONTINGENCY PLANNING
Date:
08/31/2009
Document:
121-2-1. Contingency plan.
(a) Plan establishment. Each credit union's board of directors shall develop and maintain a current written contingency and business recovery plan, which shall be referred to as "the plan" in this regulation, meeting the requirements of subsection (b). The plan shall provide an established basis for action if the credit union is affected by a disaster, whether natural, human, or technical, that causes a disruption of operations.
(b) Plan requirements. The plan shall establish specific processes and procedures to ensure a timely resumption of services and minimize financial loss to the credit union. The plan shall meet the following requirements:
(1) Identify critical products and services, including physical, technical, and human, provided by the credit union and by third-party service providers;
(2) identify, assess, and prioritize the credit union's exposure to specific and general risks, including the failure of credit union operating systems and the interruption of service from third-party service providers;
(3) state the key assumptions on which the plan is predicated;
(4) state the credit union's response to each identified risk, including steps to minimize the potential impact of the disruption;
(5) address data reconstruction and provide for secure and remote backup storage of data files, programs, and records;
(6) state the alternative responses to each event that could cause the interruption of service, if the credit union's response is dependent upon the anticipated duration of the service interruption;
(7) provide for the relocation of the credit union, recovery of necessary data and operating systems, and resumption of key or critical products and services; and
(8) provide for alternate methods to communicate with employees, members, business partners, third-party vendors, the news media, regulators, and other outside parties.
(c) Testing. Each credit union's board of directors shall annually conduct one or more operational tests of the plan for each identified key or critical product or service. The board of directors shall document the results of the test or tests, including identified weaknesses and corrective action taken.
(d) Plan review. Each credit union's board of directors shall at least annually review and approve the plan. The review and approval shall be reflected in the minutes of the credit union.
|