FFIEC Update to Business Continuity Planning Booklet- Appendix J Strengthening the Resilience of Outsourced Technology Services

Recently, the Federal Financial Institutions Examination Council (FFIEC) issued appendix J to the Business Continuity Planning (BCP) booklet of the FFIEC Information Technology Examination Handbook. 

Appendix J of the BCP Booklet discusses that a financial institution should ensure their technology service providers (TSPs) are providing resilient technology services.  According to the booklet, this includes:

  • Third-party management addresses a financial institution management’s responsibility to control the business continuity risks associated with its TSPs and their subcontractors.
  • Third-party capacity addresses the potential impact of a significant disruption on a third-party servicer’s ability to restore services to multiple clients.
  • Testing with third-party TSPs addresses the importance of validating business continuity plans with TSPs and considerations for a robust third-party testing program.
  • Cyber resilience covers aspects of BCP unique to disruptions caused by cyber events.

More information on Appendix J can be found here: 

Be Sociable, Share!
Any Questions? Call Us Today!
(888) 907-9902