the navis group ice storm test... · 2019-03-18 · the sisavings bkbank havenford, ct the bank...

December, 2009 Thank you for your participation in the ice storm / electrical outage disaster test conducted on December 1, 2009 by the Connecticut Bankers Association in conjunction with FDIC, Connecticut Department of Financial Institutions, and Agility Recovery Solutions. We hope and trust that the day was enjoyable and valuable. Your feedback reflects that such was the case. We hope that you also adopt the stance that our simulation, in providing more questions than tangible answers, will serve as a discussion starter in your own institution. Following is my personal assessment and observations of the day, attempting first to self‐evaluate the design of the test (with special thanks to all who generously contributed to my “post‐mortem” analysis), and then focusing on the performance and lessons learned. Test Design Any good scientific method testing starts and ends with an assessment of the design of the test, what went well, what could have been expanded upon, what should have been left out, and so on. Incorporating your feedback, and in no particular order of importance ….

For a disaster SIM, it was too smooth and unhurried. Our work session could have benefited from more “interruptions”. This is an interesting point of balance for these types of exercises. While attempting to have an underlying “task” to mimic in some small way the daily work responsibilities of bankers, these exercises provide many disruptions aimed at re‐creating the chaos that might be prevalent in a real disaster scenario. Our day ended up with a little more speaker and down‐time than envisioned, and a “post‐mortem” analysis indicates that our interjections could have been more voluminous. The comparative process priority lists made everyone think. In previous tests, process prioritization was limited to merely serving as a “qualifier” for which process sheets were given attention. The group responded very positively to the “publishing” of comparative results, giving the banks feedback to prompt further discussion, as well as providing our regulators with a tool to prompt discussion as well. As facilitator, I allowed a break in the simulation “flow”. The simulation is planned as a “timed” event, with slides and interjections correlating to “disaster time”. In order to

The Navis Group Enterprise Risk Project Management

accommodate the timing needs of one of the speakers, we went “off‐script”. This is the first time that we have done so for one of these events. As facilitator, my “lesson learned” is that we should not do so in the future, because certain disaster elements were “truncated”, which, in my opinion lessened our overall test experience.

Test performance By providing a main “task” to be completed under crisis conditions, we hoped to drive home the point that planning needs to be a proactive thoughtful process, best undertaken well in advance of a crisis, under calm conditions. Feedback indicates that the test was quite successful with this “heart of the matter”. The process plan templates defined specific banking processes across all business units, requiring a description of the process under normal operating conditions; a description of how the process be prioritized and “handled” during a significant business disruption; and what specific resumption procedures might be applicable before bringing that business process back online. 100 selected business processes were identified in advance. The processes were “mail‐merged” onto process worksheets and distributed to the teams. Each of the 7 SIM banks received 50 worksheets to contemplate. This distribution resulted in a total of 350 possible results, with each process potentially addressed by three of four banks. Our day was full of interruptions and deliverables, such that most banks never got to addressing the process details. This is not a criticism of those banks, as they evidently spent more time in deliberating the deliverables – in this test, either outcome is OK. The most important lesson learned from the process detail work is how banks undertook the task. What is clear from the materials is that the banks that did fill out detailed process plans considered the process risk assessment as a “qualifier” for the detailed work, meaning that high risk processes were given priority. The test is designed and facilitated in such a manner as to not “hint” at this sort of risk‐weighted prioritization. The lesson learned is that it may be wise to set aside insignificant processes and ensure that the bank have solid plans around top priorities. The incident response deliverables were complete with all 7 banks “reporting in”. The full set of responses have been scanned and are included herein. Clearly, lessons learned include chaos‐avoidance as a primary message. Cross‐functional debate, especially as indicated in simulated bank feedback, proved to be quite valuable as well, particularly where retail and lending personnel met support units, such as IT and deposit operations from other banks. Post‐event feedback also indicates that the need for clear delineation of authority and decisive leadership is key, especially where chaotic conditions require subordinating duties. We are appreciative of the presentations from Ed Goldberg and Mark Fanelli of Northeast Utilities, as well as Robert Kenny from the CT Department of Emergency Management & Homeland Security. Thanks also go to Bob Sargent from the FDIC and Todd Prout from the CT Banking Department.

Special thanks goes to my good friend Jim Flint, who provided some extra play‐acting theatrics to our day. Included in this electronic transmission of test documents is an Acrobat Reader (.pdf) file combining test materials (agenda, Powerpoint slides, and “script”), compiled incident responses, and observations and assessment of design and performance. We hope to continue to do this type of test. If discussions back at the bank bring issues or “eureka‐moments” to light, please share them with me to incorporate in future events and engagements. As an aid to facilitate discussion, I have posted 6 other disaster scenarios, along with some selected discussion points, out on the website www.navis‐group.com. If your bank wishes to have tests facilitated on site, please ask. Pandemic planning is especially suited to a single bank environment. David B. Sidon, CPA The Navis Group 1016 Washington Street, Gloucester, MA 01930 Cell: 978.495.0915 sidon@navis‐group.com www.navis‐group.com

Connecticut Bankers Association

Lights Out 2009 – A Full Immersion Business Continuity Test

Tuesday, December 1, 2009

Crowne Plaza Hotel, Cromwell, CT

Schedule 8:30 a.m. – 9:00 a.m. Registration & Refreshments 9:00 a.m. – 9:10 a.m. Welcome Lindsey R. Pinkham, Senior Vice President & Secretary Connecticut Bankers Association 9:10 a.m. – 9:25 a.m. Northeast Utilities – Storm Preparedness Ed Goldberg Business Continuity & Disaster Recovery Coordinator 9:25 a.m. – 9:55 a.m. Northeast Utilities – Storm Restoration Mark Fanelli Manager – Emergency Preparedness 9:25 a.m. – 9:55 a.m. State of Connecticut – Preparation and Response Robert Kenny Dept. of Emergency Management & Homeland Security 10:15 a.m. – 10:30 a.m. Setting the Stage David Sidon, Principal Navis Group 10:30 a.m. – 10:45 a.m. Refreshment Break 10:45 a.m. – 2:20 p.m. Ice storm Barry (with working lunch) Robert Sargent, IT Specialist FDIC Todd Prout, Banking Department Manager State of Connecticut Jim Flint Navis Group 1:00 p.m. – 1:20 p.m. The Realities – Agility’s Perspectives and Experiences Joseph Bracchitta, Alliance Director 2:15 p.m. – 2:30 p.m. Wrap-up & Adjourn

The SimulationToday’s Tasks:

SIM (10:50 – 2:15):•Develop select business process resumption plans under duress•Respond to regulatory demandsRespond to regulatory demands•Handle and document “incidents”•Forms – process, incident, responses

Takeaways:Post‐event documentation – 100 business processes prioritized, incident response reports, regulatory response reports and scenario documentation

The Navis Group

12:00 pm

Tuesday, September 23

10:00 am

Next : 12:05 pm Tuesday, September 23 ‐ 11:00 am

Th S i B kThe Savings BankHavenford, CT

The Savings Bank is a Connecticut chartered ‐ FDIC insured ‐ stock institution located in Havenford. The 102 –year‐old bank has just over $400 million in assets, and since its conversion to a stock‐owned institution 10 years ago is also required to fulfill the

l t i t f th SECregulatory requirements of the SEC.

The bank operates out of 7 locations within the Havenford area. The bank’s headquarters are located in a historic building on Main St in downtown Havenford. Branches have gbeen established in 5 other adjacent communities; 1 to the east in Port Haven; 1 to the west in Simtown; and 3 others to the south – South Havenford, and two coastal locations in Portbridge City and Bridge Beach. Two years ago, the bank opened an operations center in an office complex owned by one of the bank’s directors in a beautiful locationcenter in an office complex owned by one of the bank s directors, in a beautiful location along the shore of the Havenford River in Riverpark, downriver from the historic tourist attraction, the Ye Olde Havenford Dam. The ops center is in a two‐story building, housing the deposit operations, loan servicing, and technology groups, as well as the bank’s call center.

The Navis Group


The bank outsources its core computing with the CT OpenServ Center (COSC). The IT group and the server room, which houses the banks’ servers and communications equipment, are, of course, located on the 2nd floor of the ops center. The Call Center is l l t d th 2nd fl dj t t h th H i t l ti talso located on the 2nd floor, adjacent to where the Horizon telecom connection enters the building. The deposit and loan operations groups inhabit the first floor of the ops center.

The bank has contracted for 5 “seats” at OpenServ’s disaster site. The bank has conducted disaster drills with COSC that have resulted in the acquisition of a designated server, pre‐loaded with specified software, that is housed at the hotsite. The disaster site maintains sufficient generator capacity to meet the contracted needs of its client banksmaintains sufficient generator capacity to meet the contracted needs of its client banks. None of the bank’s locations are equipped with a generator.

The Navis Group


Electrical power to the bank is provided by Excellent Electric, a large regional provider known for their “Keeping you turned on night and day” slogan. The bank recently decided to purchase a generator for the operations building as part its continuity l i Si th t i d t i ti t k th b k hplanning. Since the generator is due to arrive sometime next week, the bank has

foregone replacing the dead back‐up battery supply for the elevator.

The bank is a full service institution, offering personal and commercial products, Internet , g p p ,banking with bill‐pay, telephone banking, and, after successfully implementing branch capture, has plans to roll out a merchant capture program for select commercial customers. The bank maintains an ATM at each of its sites, including the ops center.

The Navis Group

On your bank’s table

Bank description

Org chart form (1 for delivery; one to retain info)

Incident response formsIncident response forms

“Deliverable” checklist

The Navis Group

Bank organization

Org Chart and BCP Call Tree is first “deliverable”Due at 10:45 – submit to FDIC

Key assignments:

Emergency operations directorPublic relations spokesperson

bl bLegible Scribe

The Navis Group

PProcesses

Process descriptions compliments of Wolf & Co.p pProcess list correlates with WolfPAC process “tree”

Process priority is second “deliverable”Process priority is second deliverableDue at 11:50 – submit to FDIC

Rate each process as high, moderate, low priority in disruption scenario

Break

The Navis Group

S tti th StSetting the StageDawn breaks on Monday November 30th to reveal a sparkling late autumn day and you look forward to tidying up a few loose ends before the 3:00 kick off for your son’s last JVlook forward to tidying up a few loose ends before the 3:00 kick‐off for your son’s last JV game. Who cares that you have to sit through some regulatory update on business continuity planning before the game; it’s a beautiful day, although the weatherman says that wet and colder weather is headed our way this evening.

It’s been a busy couple of months at our institution as the competition for deposits and loans between all the local institutions has been intense. Large scale marketing campaigns touting the service quality of community banking have been the norm; “ourcampaigns touting the service quality of community banking have been the norm; our service is second to none”, “our hours are more convenient than their hours”, “introducing ROBO‐deposit, on site deposit capture – could it get more convenient?”, and so on. Our merchant capture program is all set to go live Wednesday (the day after tomorrow) with a dozen select customers. Full page ads ran on Friday and again today to compliment the cable TV and radio promotion that has been running now for two weeks to promote Wednesday the 2nd as a big, big day.

The Navis Group

S tti th StSetting the StageMeanwhile, back at the bank, the regulators are in‐house – the FDIC is on site conducting an IT exam We’re in pretty good shape as long as they don’t look too closely at ouran IT exam. We’re in pretty good shape as long as they don’t look too closely at our disaster plans (our process priority designations could still use some work); we’ve scurried around to tune up our GLBA risk work just ahead of the arrival of the examiners, so we don’t expect much commentary there. Looking to maintain our “2”.

The Navis Group

S tti th StSetting the StageIt’s a typical Tuesday. The operations group is a little crazed this morning due to some weekend technology updates that haven’t quite been finalized This morning’s surpriseweekend technology updates that haven’t quite been finalized. This morning’s surprise ice didn’t help either. Some folks arrived late due to some serious traffic tie‐ups, but boy, the ice on the trees sure is a pretty sight! It should be even a more spectacular sight when the sun eventually comes out. It’s almost eleven a.m. and some of the back‐office routine functions have yet to be completed, notably today’s ACH transmission.

Everyone’s a little on edge today because of the IT exam in progress, as well as an Executive Committee meeting that included the CEO and Board Chair There are a fewExecutive Committee meeting that included the CEO and Board Chair. There are a few important wire transfers waiting for authorization once the officers shake loose from that meeting. That meeting just broke up a few minutes ago and the CEO and Chairman are on their way down from the third floor in the elevator.

And then, at 10:51 …

The Navis Group

As you begin…..Cellphones !Cellphones !

LEAVE THEM ON !

!!!!!RINGER SET ON LOUD !!!!!

TAKE THE CALL !!!!

Welcome to “Lights Out”, where you are your own chaos !

The Navis Group

Tuesday, December 2

10:51 am

Next : 10:55 am Tuesday, December 2 ‐ 11:00 am

Seminar TimeBegin End Day Date Time

9:05 9:10 Lindsey Pinkham Introductions9:10 9:25 Ed Goldberg Northeast Utilities ‐ preparedness9:25 9:55 Mark Fanelli Northeast Utilities ‐ restoration9:55 10:15 Robert Kenny CT Dept of Emergency Mgmt / Homeland Security10:15 10:30 Dave Sidon Setting the Environment ‐ distribute orgchart Review SIM expectations, deliverables,etc10:30 10:45 Break10:45 Banks Orgchart / call tree complete ‐ submit to FDIC10:45 10:50 Dave Sidon Setting the Stage ‐ moments before ….. What's happening "right now" at the bank10:51 Tues 12/1/2009 10:51 AM Dave Sidon Lights out ‐ no phones, no network, no info Set "ambiguity" ‐ cells OK? ‐ branches?10:55 Tues 12/1/2009 11:00 AM Banks Main office calling branches for status11:00 Tues 12/1/2009 11:15 AM Banks working on set of status questions

11:05 Tues 12/1/2009 11:25 AM Jim Flint First Radio Report ‐ WCBA Radio Reports of widespread power outages throughout CT ‐ stay tuned11:10 Tues 12/1/2009 11:40 AM Banks continue to work on status questions11:15 Tues 12/1/2009 11:50 AM FDIC FDIC request for BCP process priority lists Coincidently, FDIC due in on Wed for BCP audit

11:20 Tues 12/1/2009 12:00 PM Jim Flint Second Radio Report ‐ WCBA RadioExcellent Electric reciving calls from all over the state ‐ emergency mgmt teams reporting in

11:25 Tues 12/1/2009 1:00 PM Banks File status questionnaire with State Banking Office11:30 Tues 12/1/2009 3:00 PM Banks working on process priority lists Agility "visits" & communication commences

11:35 Tues 12/1/2009 5:00 PM NE Utilities Radio Press conference ‐ rep from Excellent Electric . Initial assessments are that as many as 200,000 customers might be affected.11:40 Tues 12/1/2009 7:00 PM Banks working on process priority lists11 45 W d 12/2/2009 7 00 AM NE U ili i R di P f f E ll El i

SIM Time

CONNECTICUT BANKERS ASSOCIATION"Lights Out" A Full Immersion Business Continuity Simulation

Crowne Plaza Hotel, Cromwell, CT Tuesday, December 1, 2009

11:45 Wed 12/2/2009 7:00 AM NE Utilities Radio Press conference ‐ rep from Excellent Electric11:50 Wed 12/2/2009 8:00 AM Banks Process priority lists due11:55 Wed 12/2/2009 9:00 AM CT DEMHS Radio Press conference ‐ DEMHA's reponse

12:00 Wed 12/2/2009 10:00 AM All handsCustomer demands begin; FDIC & State visiting with questions about status reports

12:05 Wed 12/2/2009 11:00 AM

12:10 Wed 12/2/2009 12:00 PM Lindsey PinkhamRadio Report ‐ Governor appoints task force to meet next week ‐ announces lunch

12:15 Wed 12/2/2009 1:00 PM Banks Banks begin to consider mobilization to disaster site Agility mobilization "visits"

12:20 Wed 12/2/2009 2:00 PM CT Banking Announce that banks must file details of mobilization to hotsite12:25 Wed 12/2/2009 3:00 PM Banks Hotsite Mobilization report due Lunch occurring at this time12:30 Wed 12/2/2009 4:00 PM Dave Sidon Process priority lists back to banks Lunch occurring at this time12:35 Wed 12/2/2009 5:00 PM NE Utilities Radio Press conference ‐ rep from Excellent Electric status report ‐ vague12:40 Wed 12/2/2009 11:00 PM Jim Flint Ops Center break‐in Call officers down to the bank (set up desk)12:45 Thurs 12/3/2009 7:00 AM12:50 Thurs 12/3/2009 9:00 AM FDIC and State "audit" process priority differences12:55 Thurs 12/3/2009 10:00 AM1:00 1:20 Thurs 12/3/2009 11:00 AM Joe Bracchitta The Realities ‐ Agility's perspective and experience1:20 Thurs 12/3/2009 1:00 PM FDIC and State "audit" process priority differences1:25 Thurs 12/3/2009 3:00 PM1:30 Thurs 12/3/2009 5:00 PM Banks Break‐in incident response reports due1:35 Thurs 12/3/2009 6:00 PM1:40 Fri 12/4/2009 7:00 AM NE Utilities Radio Press conference ‐ rep from Excellent Electric announce power expected back by noon today1:45 Fri 12/4/2009 12:00 PM All power restored1:50 Fri 12/4/2009 4:00 PM Banks What's happening this evening at the bank Incident response to be filed1:55 Sat 12/5/2009 8:00 AM Open2:00 Sat 12/5/2009 2:00 PM2:05 2:10 Sat 12/5/2009 6:00 PM Banks What were biggest obstacles to re‐open today? Incident response to be filed2:15 2:30 Dave Sidon Wrap‐up discussion2:30 2:30 Lindsey Pinkham Thank You & Adjourn2:30 2:30 Lindsey Pinkham Thank You & Adjourn

BANK: 1st bank 3rd Bank 5th Bank 7th Bank

Business Process Business Function Priority Priority Priority Priority1 Residential Mortgage Loan Origination and Approval Branch: Onsite Loan Application and Information Gathering L L L L2 Residential Mortgage Loan Origination and Approval Underwriting and Approval L L L L3 Residential Mortgage Loan Origination and Approval Loan System Input and Disbursement L L M L4 Residential Mortgage Loan Origination and Approval OFAC /ChexSystems/NCPS Lookup L L M L5 Residential Mortgage Loan Servicing Posting Residential Mortgage Loan Payments M L L M6 Residential Mortgage Loan Servicing Construction Loan Disbursement Processing M L M L7 Consumer Loan Origination and Approval Branch Originated: Loan Application and Information Gathering L L L L8 Consumer Loan Servicing Home Equity Loan Advances H L H M9 Commercial Loan Origination and Approval Participation Loan Underwriting and Approval L L L L

10 Commercial Loan Servicing Loan Review and Quality Assurance L L L L11 Commercial Loan Servicing Commercial Line of Credit Advances H M H M12 Problem Loan Monitoring and Loan Workout NSF Checks & Forgery Collection M L L L13 Demand Deposit and Statement Savings Account Origination and Setup OFAC/ChexSystems/NCPS Lookups on New Account Customers L L L L14 Demand Deposit and Statement Savings Account Servicing Posting Mail Deposits H M M M15 Demand Deposit and Statement Savings Account Servicing Customer File Maintenance and Review M L L L16 Item Processing Incoming Cash Letter Processing H H H H17 Proof Operations Daily Cash Balancing H H H H18 CD Account Opening and Setup Branch: Opening and Setting‐up a New Personal CD Account M L L L19 Retirement Account Origination and Setup Branch: Opening and Setting‐up a New Personal Retirement Account L L L L20 Retirement Account Servicing Setting Up IRA Distribution Transactions L M M L21 Internet Banking Processing Mailing Passwords M L M L22 Telephone Banking Processing Processing Telephone Banking Transfers H H H M23 ATM/Debit Card Servicing Hot Carding and Canceling Cards M H H H24 ATM/Debit Card Servicing Filling and Balancing ATM Machines M H H H25 Wire Transfer Services Incoming Wire Transfer Receipt and Verification H H H H



Business Process Priorities ‐ Group 1 ‐ Processes 1 through 50

BANK: 1st bank 3rd Bank 5th Bank 7th Bank

Business Process Business Function Priority Priority Priority Priority




26 ACH Processing and Maintenance Daily Outgoing Cash Letter Verification H H H H27 Audit and Compliance Information Security Reviews L L L L28 BSA Regulation Management Suspicious Activity Monitoring M L H M29 Corporate Governance Full Board Meeting Package Preparation and Minutes Recording L L L L30 Accounts Payable Processing Accounts Payable Payment Processing M L H H31 Controllership Fixed Asset Accounting L L L M32 Financial Reporting ALCO Reporting L L L H33 Human Resources Management Health Plan Administration L M L L34 Marketing and Sales Producing Press Releases M H H H35 Marketing and Sales Coordinating Public Relations M H L H36 Information Technology and Information Security Management Providing Data Backup H H H H37 Facilities Management Monitoring Cameras & Alarms H H H H38 Records Retention and Destruction Archiving to Retention Requirements L L L L39 Residential Mortgage Loan Servicing Tax Processing and Escrow Analysis L L L M40 Consumer Loan Servicing Loan Billing M L L M41 Commercial Loan Servicing Posting Loan Payments H L M H42 Commercial Loan Servicing Environmental Consultant Review L L L L43 Demand Deposit and Statement Savings Account Servicing Taking Stop Payment Requests H H M H44 Proof Operations Teller Balancing H H H H45 Safe Deposit Box Processing Lock Changing L H L L46 Treasury, Tax and Loan Processing Teller Receipt of TT&L Payments H L M H47 Credit Card Account Servicing Payment Processing H L M H48 Proof Operations Federal Reserve Account Proof H H M H49 ATM/Debit Card Origination and Setup Compromised Card Monitoring M H M H50 ACH Processing and Maintenance Receiving ACH Files H H H H

BANK: 2nd Bank 4th Bank 6th Bank

Business Process Business Function Priority Priority Priority51 Residential Mortgage Loan Origination and Approval Online: Loan Application and Information Gathering L L L52 Residential Mortgage Loan Origination and Approval Loan Closing‐Attorney L L L53 Residential Mortgage Loan Origination and Approval Selling Loans to Investors L L L54 Residential Mortgage Loan Servicing Loan Billing M M M55 Residential Mortgage Loan Servicing Interest Rate Index Changes M L M56 Residential Mortgage Loan Payoff Posting Loan Payoffs H H M57 Consumer Loan Origination and Approval Branch: Loan Closing L H L58 Commercial Loan Origination and Approval Loan Underwriting and Approval L M L59 Commercial Real Estate Loan Origination and Approval Loan Analysis Write Up L L L60 Commercial Loan Servicing Loan Billing M M M61 Commercial Loan Payoff Collateral Releases L L L62 Demand Deposit and Statement Savings Account Origination and Setup Customer Service Center: Opening and Setting‐up New Personal Account L L M63 Demand Deposit and Statement Savings Account Servicing Posting Deposits and Withdrawals H H H64 Demand Deposit and Statement Savings Account Servicing Branch Capture H H H65 Demand Deposit and Statement Savings Account Servicing Processing Stop Payments M H M66 Item Processing Statement Rendering L M M67 Proof Operations Securing Vault and Teller Cash H H H68 Passbook Savings Account Servicing Posting Deposits and Withdrawals H L H69 Retirement Account Servicing Posting Deposits and Withdrawals on Retirement CD Accounts M L H70 Safe Deposit Box Processing Application Processing and Opening L L L71 Internet Banking Processing Setting up Customers for Bill Pay L L L72 ATM/Debit Card Origination and Setup Encoding PINs on ATM/Debit Cards M H M73 ATM/Debit Card Servicing PIN Reset M H M74 Wire Transfer Services Branch: Originate Wire Transfer Request H H H75 ACH Processing and Maintenance Processing ACH Transactions H H H




BANK: 2nd Bank 4th Bank 6th Bank

Business Process Business Function Priority Priority Priority




76 Audit and Compliance Internal/Operational Auditing L L L77 Audit and Compliance Compliance Monitoring L M L78 Call Center Processes Answer Inbound calls, messages, e‐mails H H H79 Accounts Payable Processing Creating Accounts Payable Vendor Accounts L L L80 Controllership GL Input and Posting M H M81 Asset Liability Management Investment Accounting M M L82 Human Resources Management Payroll Processing H H H83 Human Resources Management Disciplinary Procedures L L L84 Marketing and Sales Updating Internet/Intranet Sites H L H85 Information Technology and Information Security Management Firewall Maintenance L H H86 Vendor Management Vendor Due Diligence Review L L L87 Facilities Management Physical Security Management H H H88 Residential Mortgage Loan Servicing Loan File Imaging L L L89 Residential Mortgage Loan Payoff Loan Payoff Quote Preparation M M M90 Commercial Real Estate Loan Origination and Approval Pipeline Tracking L L M91 Commercial Loan Servicing Management and Board Loan Reporting L L L92 Demand Deposit and Statement Savings Account Servicing Selling Treasury Bonds M L L93 Item Processing Branch Item Processing Pickup H H L94 Passbook Savings Account Origination and Setup Branch: Opening and Setting‐up a New Personal Passbook Savings Account L L M95 Safe Deposit Box Processing Customer Visitations H L M96 ACH Processing and Maintenance ACH Loan Payment Origination H L H97 Credit Card Account Servicing Replacement Card Ordering M H M98 Proof Operations Back‐Office: Opening and Setting‐up a New Personal CD Account L L M99 ATM/Debit Card Origination and Setup ATM Machine/Account Balancing H H H100 BSA Regulation Management CTR Preparation and Transmittal M H M



INITIAL ASSESSMENT AND STRATEGIES

I BANK:

Power went out at 10:51. No generators, and except for the server rooms, no battery back-up. The UPS foreach server allows for a 15 minute shutdown period.

What are the procedures for this event for the main branch?

Were the branches contacted for an assessment? What were they told to do? What is the follow-up?Timetable? Security concerns? Vault?

c?LIIIK fL~ i ftW0 ..1(J~

Irc~J~/·n.-'-5 ---lir7VJL c}r/U.. crtlfe ;/[5/11 dr-Dp

Rer C<A-S Ir- er -J" oAe-y- 6~ 64"'5 Ii o.A< I AM" / cn-'?r

L E1R 1, P UW~y ,e,sfo rA-f,' lJr-... .

{~iVLj~c,! /-10 I -,rJe- ~ f r-e.r t7~

,Pr-e-n OVIJ Lr"Y'"'

Are there shutdown procedures for the admin and ops building? If so, what are they? Timetable? Securityconcerns? Does everybody (or anybody) in the ops building know what to do? And yes, the CEO and Chairmanare trapped in the elevator between the 1st and second floor. Action steps?

5?~v + daW" ,Se..v v e-r=» l~~ 6Af4-; r-'/!5

Vf> f-0TS 0 tI1ri b! C1.N:. ~/( /rt4l/Aed

('C011 F,-N:. j)-¥f /-0 /~ .Clf-~ -e. et/~~

How long do we "wait and see" if the power returns? What is management saying to the branches as a timepasses?

2 lo-urs

What are the biggest back-office concerns if power is not restored soon and processes interrupted remainpartially complete, posted or transmitted? Have the stand-in limits for ATM and debit cards kicked inautomatically or was there a need to "trigger"?

e-'Ct4L

~/~4rM; hCr,(/~

S/~d-lnU-o / o-z-ue r:

f"JJ0T5

/ ;b~JI- t/ -li~1d,'d IhOr-U /-v~~ft' ca-{!y

2


Crowne Plaza Hotel, Cromwell, CTTuesday, December 1, 2009


I BANK: ~V\c.JPower went out at 10:51. No generators, and except for the server rooms, no battery back-up. The UPS foreach server allows for a 15 minute shutdown period.


~ a..s s e S~ 8~'-\\,)G.\-"'o-", _

cz,\\ 0~u 10, ctv\. c"'-.tZ. s,

l.01i..{'-~ ovt- ,e.C..c2..~f'-S :;.. ""'fh)\-- 1 G".~

l\o(...,tC., IILf~.''\ ec S


C)~'«"~ ~\()c-es-s~f16~c.l.. Co\\o"';:' J), ~

I c<-- f ar: fYl S.

IC--..u <2- V' <=.c:,rc...~ ~iDee •..,

1

-~~--~~--~--~~~--~--~----------------------~Are there shutdown procedures for the admin and ops building? If so, what are they? Timetable? Securityconcerns? Does everybody (or anybody) in the ops building know what to do? And yes, the CEO and Chairmanare trapped in the elevator between the 1st and second floor. Action steps?

"'~~) ~e ~e. .i)\R ~~l2S, ~ P-.:>ll oot J)/R Pi,,-~'6.e c o ce. -e..c.-cf." ~c...~ ( : {. 6 Q/lr-J f'Itl6X' ~ ~(f~{--('d 4-0 ~ hu/ld/n7J~

C Om IY) cJ/I.'ccJ/ O/J 0 c.J f~(/Ml tJ/'~ ~

~ rCtIl'-~5 - L.0 ~:f.r.e &c-drct "'0 ~\1J\5.-\--tvaL' a""~

wt \:';re' J)..e.fro.fi~~f ):or lao!,le ,r"'r ~/~(/=-fOY

f\~se~ <9{>$ c..('€-~ QOI't\ r\.e.-\--~oo'\ cY;-~d-I v I l-';}

:5~dl If' ~5S ...QS5 ~ ~~c...$'<


of

\-ol~ rC-"51~{


ba-/ '0 f/c/{ oJ

/I--~ f,oe-e-S5. aF4

2


LO\\.e-c\ othc.r bro()c.hc.s --tv o\~'r-e.. who na.d P£N-Je..r'in ('e..c!".,:!.ct"' c.-us1-vrnG<$ _ NIp.- I no ?C}\.r.J~

1'I\u.\f)~Cl.ncc. c..hec..kJ<'\.q cdl other e.k:"c.::fvy-s·-to d-e..~~ o-~e.k: cdu-rsj.+ llf .$ f\J< ..•.r".'"\'1 0, o;-tv\...-+r~pe.d ,...No oo-e- -tI~p ~d ov+ o-~po

l..b. I~ t h o+he..r e.r-Y\ok)u-e.;.::..~Rtc.-rcUt eorrr6c;t'\ r.q ~ no$c.- 'lV'ef 00C- ~ I-I

_ , , -\ .. 1:;1:' ,_.-J- of out~qe..-\-D oc.+C.A.(Y\; rc«: ~ c <!it, «'" '"'7 C;'<-K:-rl'I

L6 c.k..vuv \--\- * t\.ot' 5cl .-+1 i"I\-C..i'S

ESJOOJa-\e.. 1o\J'\din4 in O-f>pro'>(\'{)')c..;.,wy -ei'1'\plO\..\-.:::.es fZl dC.5\1~~ _ G.l...ls·to1Y\e..r5 OS ked -h:> ie-ivrn wh·c.t"\- ~re:tu(r\S wvd./cr t;5& ol+CUC breo-ce:.r.




I BANK: Sit-V l \f\[ G- S

Power went out at 10:51. No generators, and except for the server rooms, no battery back-up. The UPS foreach server allows for a 15 minute shutdown period. ~

. 0'" pWhat are the proce~ures for this event for the main branch? -,'"e.-"'..J~ c/

Ledl fflr-e. De.p+- -fO-- people.. +r-o...ppedl\- local ~ j·Fa-{a~loble I 0'- qll

croSe:.. br~ (~jS;j16~t:c.., (oel< up '); f)·form (J.js-h:>mCT5~e-+ pc.opk... ou+ of2 V'aul+ Who ore. -+'u..ppe...dp.vt- :5\G\",. l'~ :to Cedif~e::I= =-!tJ b't::Q'ldycs WI~ rt9"'Y~do not ~nCNv' wt\-c.n f'o"-Nei Win be.... bCtc..k up - ·~cill-h'c:..$ .~

.lnu·Je.n+ ResponSe- It::-01YI Cjafuer5 e f'J\Q\'", o.m~

1

-~here shutdown procedures for the admin and ops building? If so, what are they? Timetable? Securityconcerns? Does everybody (or anybody) in the ops building know what to do? And yes, the CEO and Chairmanare trapped in the elevator between the 1st and second floor. Action steps?

~ (~re.- De-V+ on wo.,/ +0 e.'JClWcrtc. a::O/c..\t1o'r~5d'dy ~~-tvr-;I"\ CWS buildid1q +e -exv.roi ..,c... 1()+c.n...noJ ~

+Q'( dClfn~e - ~"CtwodG non-u;-nc.-c.l J bv+- be- o. call\I Cy-i-\i c.a.1 k s+qf(' ~ w~14) i(\s-1YL5c.:n on -t+\cd- \-.f- \:::Ju~ld\<'oCf

be-co(YI.e..s lh,\,.{")noJoI-+c...bLe

M~vu.1 fro c..:::..ssl~ of .-t-\CLY"l:5 4.lcJ-i on 5, a.S nee e-Ssor Lt


Non- csSe..rrful .5e.n+- hOfhe.. »t: -\--old --fnot" \N{c\e~spreadou+uqe '" iho~ c.lC:Ge \j\ldt \:/c. 60 Gall

£5 Sc:rt\-\o\ ~""I

As 500() as r-eope.n W\\\ (...ol'l+-ctc::;t-yYy(::.chqI use. .In0uve..+,

e..-+G. -\-0 i<rfcy m C-\.J s+Ocne.l"S

What are the biggest back-office concerns if power is not restored soon and processes interrupted remainpartially complete, posted or transmitted? Have the stand-in limits for ATM and debit cards kicked inautomatically or was there a need to "trigger'?

5-\--o..nd- i() \i rn\~ kic::..k- - \ .'\. ov-tomo;t-;.GO. U'{I.dc..rrh:.C..,j --tro....nSQ.diOflS nor ~\e..--K.d ...

\ Y dlC\ kY'CN'J \}oJ ha::r n.~sfj-mpp~~+S, Wtt'e..., c:..--h.... So

"proCC-S$<ij'-q ~&.rs+

2

CONNECTICUT BANKERS ASSOCIATION"Ll ht 0 "Ig s ut A Full Immersion Business Continuity Simulation



I BANK:

Power went out at 10:51. No generators, and except for the server rooms, no battery back-up The UPS foreach server allows for a 15 minute shutdown period. .

What are the procedures for this event for the main branch? e.u. ,~~4t~ .-tz:, ~ 14t 1'-' ..•...v,n I ~ (Ot~<..!D

8CtILK ~ <;:1~. r~cu0C ~ bp---vt~~ --l-v k 1fLt4.--(· O'r ~

1-od<- -+Ii0L Joerv. p,* --+v& ~ -4-= L",d~ F~~

-to 62.,Q~.e-.-.0~ \,0 ~ (n) . Us;;e. +t--a- ~Cj ~~

~~ '$ &-~T~ ·~U<~~E-~~eu.:\ 6~R 1e-e P""'-f'~ ~ ~. .ic:»'o"';tcL:r ,If ~ I~ -+WL ~~ ,~ rooCo~ -5~ <ge/vl..~~ ~ ~~lOV)~ F lA~_

",!ere the branches contacted for an assessment? What were they told to do? What is the follow-u ?

Timetable? Security concerns? Vault? p.

Wl .-t-k.>L ~ eJ...Q..<J _--tz> ~ \~ '4key ~~'f0k9c.-..L.~~~~ ~~ p-L~ an~ly

~~# ~~+ 1IO()()K ~1A~.~ 9f -+~ 6~~ ~ (fQ>V.A.- ~ ~-4v'1(

-+~~ Y-~ di::J<lOl~~ k~~

C l()3C2-. 4l.&- &DOY ~ "vJ6V'- loeF~e r6~

1

Are there shutdown procedures for the admin and 0 s buildin ?concerns? Does everybody (or anybody) in the 0 bP'/d' k g. If so, what are they? Timetable? Securityare trapped in the elevator between the 1st and ps Ul

dfling now. what to do? And yes, the CEOand Chairman

secon oor. Action steps?

Yoo ~ ~~ 7 ~ (5'c- »+ -4--WL ~eA~0:r 4r

~"~ ... ~~C:-~'1=) ~ w-<'H, lO~ ~'-.--J~ .1""" oft-..

-\-L<z-.. c~ S~· 1/1" 4,Go ~(j~ -\--~~

,'" --\i,J- ~b"y ')I,\.O'r'--'S, ~~ ~ ~ f'0~1~ ~ 10~ i.JG.~ . <!>f- '" d·) &J2.t --\-e.J2- ,;;: "'f' ~..,.y

r1~.~~"l li~~'on.

How long do we "wait and see" if thpasses? e power returns? What is management saying to the branches as a time

~ fif d. '" O"VS· If ~ ~cz. lAM

!A lO'() 4'-v ,'5~ ~ f'~~ ~~'vt..

G.Qt .~ lo~", ~ ~~ 4--"~ ~ Io ~ ~

~) + lr 0 \"'01>'-L. «es1.f' ~ ~~ 4- ~-\-e.llOL ~'I :).' ()O 'f'M-. \-¥- rp~ lS n o+ s:~\U 0Vl

~2 ~ ~ '00 h6"M.L.~

What are the biggest back-office concerns if power is not respartially complete, posted or transmitted? Have th t d-i t~re.d soon and processes interrupted remainautomatically or was there a need to "trigger"? e s an -rn lmlts for ATM and debit cards kicked in

G~(5~ 1oot~9:1c:P-tMJ ATK Jk?-C'~ k I,,",*~_\11'Y\_l)'IV\ ..>-l-? 3-t..~ 1~ 'A6 f~~~t ~o-{- 0015¥ ~()~ ee~11 ~ ~

D~+ ~ l"?) ~~~ lo~~.~ ,'g, .~O+- ~. +z, Ot~II\I"'cu1~ -\-VJL.- 'l<)~+

,'-5 ~~~

2

CONNECTICUT BANKERS ASSOCIATION"Li ht 0 " ..g 5 ut A Full Immersion Business Continuity Simulation



I BANK: S-di.. SCi V I', A- A 'R <.;'""k.. 1Power went out at 10:51. No generators, and except for the server roomeach server allows for a 15 minute shutdown period. s, no battery back-up. The UPS for


~ll ~ GrLAn:hJ S ILf\Sttw cJ-- i 10Vh -to clClOY1S r Posi--s1@lSI\- We¥- up ~Ll'lQJ/\ ~ _ \J

7' ~ I'-'-(LS \))\ \ \ De \:nwetJ- dWX\ -C- blU\ VI ch.s 40- los+- 0JfrZ

-: CCV\-b\- II \lotSI~" 40 (W\tm~ ~ pO-:i1bU. Uk

':> ~TW-~\,-kS' -io up~ S\~~CY'\ \ illk~

~~ ~~0Jn~ --0 A-~ ~c\~-h-e-~ S+tt~~·-~~~ FsmruL

",!ere the branch~s contacted for an assessment? What were they told to do? What is the follow-u ?

Timetable? Security concerns? Vault? ---=- p.~ -.;;:::;:;:::= c:::::..

1

3hO\.XL5

Q""h \ \\CA¥L ~~Y\~i(\ COlQ.~-LY\~lt®ck5 -

> \~ upt-o 3 ftAs bRAY\ c~ mb tL +- ~ \ CYL bYl(W\cJr\

1~SCY\ ~~ ~ _ " '.

>3 ~S 0Jf\ (\CAY$\JL ,4\"db.h\C $ 0-\ O.s)~ Wi0\OL ()ot;k~t(Y\

-to ~6$~~SWhat are the biggest back-office concerns if power is not restored soon and processes interrupted remainpartially complete, posted or transmitted? Have the stand-in limits for ATM and debit cards kicked inautomatically or was there a need to "trigger"?


- f-S, locK-ciocxL" ~,~ ~lLiopn&v\V'1AS~ (" - ,\..

'-~~~ W\\\ '~wYQ\I'\ mS\'tL '- 0~ l)n-\ll PCitQ;YL IS

~~- .- ~$\ {hDYLSlfl b$lt~\0G\ ~yud- S'tTt~ b~d 01

L1\~nc--L ~f\St{VJc1i~5

- ciAs.p~ ~ G4c,; --\0 ~ fuvcukn.- --jv (MQ»<-

~(£) ~chQl\QYV\~


2

CONNECTICUT BANKERS ASSOCIATIONIILights Dutil A Full Immersion Business Continuity Simulation



BANK: ~~ .

Power went out at 10:51. No generators, and except for the server rooms, no battery back-up. The UPS foreach server allows for a 15 minute shutdown period.


LOG~0CO~~ dll(L'-\o '\\b ~CJ.,L;\~ ~D-tQ.fn~\c,t~ ~CL\ \ eC -\-0 ~\ld Ou.-+ Of) ~Tf\ 04- --V\~v"?()LOe'(L CJ-.,l40. z,

~~-\cu) 'C.'If (on\u.c-\-'bffiJle.h "(\\Mu. <JW~...10 ~ \ld au.}~o r ~01\... ()n --Yn.Q..-\r 'Prevn u-- .\$)\I.~-L\~ ~(\~ ($mm\~\on 'tAl o~'brCl(l(l.h Clo6\ncrs.


-fuQ.. ro, Qn d1Q":) W ~ (Q... <:"0(l-h.lGiQJ \0(" oC£Q~m Q..ni~,-:r4->\\,~ eft; w\\t\1 o&J- y()~~ I ~ocJ.tldcoa.·sI. c.O()fac,~

8IL<:.u( \\y -t- ~tL-~~ C\}P. \~\\t-\l.S -o\lou.-\d -pJUlG\ L ~Qn~.---x"0~,-,\ \J.:)\;\\ pQ..- )Jtv~Q( mDd ~aJ- oJ\ i-;)eJIIP-V5 w-,II ~~ud- 6\.)\)..)("\ cd- II:00 0.rn ."0(6.. n C'..n (1lo..Il0C\vt5 $1o\.dJ .6\t\$L\ <1G())L ~\\ \0\ (\Xl.J~W ro<JU..;\~'aL ~ \\omt, 'g-t':::> ,Jon

_l \ ",' • ,Q d41'1)\c.(\Q,nQ~ "Q'\l6u,\u C()MQc,'-r ¥D \\(.,Q.. \ ~ ~Qf<L 0..( e... e; nC-.9-(CC

Q~\..\.6..~\.A\ 'cx\.(\CQ~, ~ \\\k~G.'0\.\ .o~

1


Ct)\\\QC+~nCL ~\·rQ. OQ.,~U{-\m!Ln+ ~('~Q..~~C~J.L~L

cA ,~Q... CZD -0\- CXlCA.\' fOW\ . .\~~\ \\-\\ ~~ {n(,l('Cl8~~ C()\\.\-QC+~0"\: \<::> <C\)~\ oJvt ~ Dc (A~\ ';:)b-4ccn CcL.

fnOS$i5!LffiQ(\+ ~QJ\6~ '\\O'\l\t. ?.Q(~()eL lJ..)~~ ~Ct~y

<:CJ'\\c.Qr(\~. ~ VQ.,r~QL Q\{L-b (U-{OlW() 'acUJ,nd.'S>0~~lL OC>OO0 0.f\L\ ~\f.."C-h \c,aJl. e.~rud.,~ ~$()\J~Ol):)<C.-(l ~QX~"


--rucio'lun \':> madt a.A ~·.ro (->111 u,:;\-Vn o. (..\O::;I("\~oj 0'.~

What are the biggest back-office concerns if power is not restored soon and processes interrupted remainpartially complete, posted or transmitted? Have the stand-in limits for ATM and debit cards kicked inautomatically or was there a need to "trigger"? ctCLO(l

CDn-\uc;~Q.O~ -\t:\\ ~Q(y\~OJ1~hES art ~ * 3(1'\.~Q1llJ2fl+'S\u-~.~\" \.:\~~ ~{" ~-\1JI -t- \JQ-'t)\ t CD- rd ':> .;- ~ Com plQJQ.,-Y'\\.Q.. <end t§;;. '( \J\{) on '"I\'<\Q~Q.. c.Cl{)~ur.a-.,q- ~\cQ. ~Q- -\41 Q ~+(Y)'S.

COMo-c) to' '-t...t "

~ "'R\.gL~ ~(.,h ~ 'o/rLX-oc1u ("J2~ ~, LO'()\CLG.,t, \l ~

c.b< \ Q~~~(l~~

2

CONNECTICUT BANKERS ASSOCIATION"Li ht 0 " .g s ut A Full Immersion Business Continuity Simulation



I BANK:

Were the branches contacted for an assessment' WhaTimetable? Security concerns? Vault? . t were they told to do? What is the follow-up?

1




3--\--,,11- eM ~ (JvJL o.-vJ-6lMJ.e~ fA,. F~ ~\'-<.>- h)A.uM--. 15-"""" 1> ~. ~" r6::~

d.IS""0-h-~ ~A"'" 54.-<.-~mt'- ~ ~ ~ ~ .~

e~c-k~

2

CONNECTICUT BANKERS ASSOCIATIONIILights Out" A Full Immersion Business Continuity Simulation


MOBILIZATION REPORT- HOT SITE

BANK: ,1s+ ~~ V ~Y-~ \I -'

Scenario: Moving operations to the bank's hot site

As time passes and electric power remains out and the timeline for power restoration remains uncertain, whatare bank's plans to mobilize to the hot site? The bank has 5 seats reserved at the hot site - who goes? Whatprocesses become a priority at the hot site?

s e..+, b \ \.~ ~ L 0 '--v'-""-"'--VV"- \. c, "'-\-L~ L~('-v '" If ~ )

Q -r 0 (JL~.) OR..

C, t ( ~.r'->J~ i, i>!e. s::~[~:~ :.J 'C.w~ ~~ \-('\,-.)7 '\c-LtO~ \,.rD~'9-S(~

- G\\ ~l{ Co~"T~c-~ f~"\-ov-JtN~ ~ lcc.."'<-~

_ t-uec() -e l-~~l~ <t~ ~~fr~flv:\c:.. ~



MOBILIZATION REPORT - HOT SITE

I BANK: ;) n& Sc;...U"'if~,sc:..,t::'---------------"Scenario: Moving operations to the bank's hot site


b~\(~J'\..6 +-('~~ sC-..d-~0 I"\. ~ -

-\-\ /AV\. S. ~c.. \-.:-0 f\. ~




I BANK: '3 cQ S G\"'inqr-s~fc...L)-=-Q_n--=-~--,--- _



Discussion:

~r:t-~rs ~~I/'S -

~ r-~~ Ops (i)

IT/I:> G)fR CD

-: f;. Lr-(;JZ




I BANK: L} Ii-! 58.J) cJ-bs ~ «,Scenario: Moving operations to the bank's hot site


Discussion:

,- Got-l~ c. oSc.. -ro ACC6SS .\-lenS;rTG

,-6~~\~G-'-D€-P OP=;_ f}C-.CJ\\ ~D--- \ - vJ, f?!-,) \ - b L.

__~ S6e~· .~ C~LL ~--ree. / ~

\..()) e.S25

~ A-c~,- PM-f P~cx::..·

bL-'€~S,.- 6'lb'P Pf''ITS

G.A9 C:flLLS

- c;;b-.J (Lo \-\.--




I BANK: 5--1±> &\ n (os b"-----'CAn-'------'-'-=\c==-- _



Discussion:

(D W\(Q ~ A\P (lMSCY\~ OPS ptAsm- ~+\--\J-vvu-vJs, CA0hlt~s ,Av+h LD1YLlS

d) ~ ~V\cjY\3 P~~ar\ - PDS>1- p~, (JAOe.-- Acl»~s

G) 0~\1- ~S<Y\

fJ) {DSiL vYclhl~

~ONNECTICUT BANKERS ASSOCIATION"LI hts Ou II .g t A Full Immersion Business Continuity Simulation

Crowne Plaza Hotel, Cromwell CTT d, ues ay, December 1, 2009


BANK: &+tt Stuli'Scenario: Moving operations to the bank's hot site

As time passesand electric power remains out and the ti .are bank's plans to mobilize to the hot site? The b k h rneline for power restoration remains uncertain whatprocesses become a priority at the hot site? an as 5 seats reserved at the hot site - who goes? What

Discussion:

PIM6 +0 m()h;'/(~J}tV-f;;:? we lA..JlJ-v--lo ~ aa»: ~pfL 7b ~

ho~/f-e-

5~ - COOl c:ro; /l-f-ad ¥ (fN3rY1?),

jfl SVcJrtJ Up, Ac&'Pn:;/RYIaYlCL~

f3t!~'hes -~Oc.v.:J>i"'J of' v~ I 61Ltz,+an:J.~ .i;0fi(l3~~()"'>

[xulJ<MD l3i::«l \--'J ~' d,oJ, 5>0I+LLvYu.M:t- /:xLQa.1 [lci ~

f1~c!aJ! Mtom (1/ +.ProCU:>b jn RjmTJ-b

~ '\ky')+y ~I iC-Q,-ti <JVIS. o...A.R.- (J.V (}..I {(l.Jide 0).- but:up.~cLuVlL




I BANK: -=l *'-" SV 1\0 ,----"'-<- _


As time passes and electric power remains out and the timeline for power restoration remains uncertain, whatare bank's plans to mobilize to the hot site? The bank has 5 seats reserved at the hot site - who goes? Whatprocesses become a priority at the hot site? '



INCIDENT RESPONSE REPORT - OPERATIONS CENTER BREAK-IN

I BANK:

Scenario: Break-in at the operations center

The Operations Building's alarm system was rendered useless by the power outage and the building. The localpolice have called bank management to report that the building has been broken into. During the initialassessment, it has become clear that bank security and customer records were seriously compromised. Wholefile cabinets and boxes of records are missing, including loan files, signature cards and other archival informationthat had been stored awaiting either destruction or retention. It appears that the breach is limited to non-electronic media only, but ....

How does the bank's incident response plan address such a situation? What's the protocol with respect tomeeting the local police at the site? What's the protocol with respect to meeting, reporting, cataloguing themissing elements, communicating with customers and regulators, recovering missing data, etc, etc, etc? Theoffices of the FDICand State are open if guidance is required.

Discussion: (how was this handled/resolved?)

C G1'.I~~c-i- -;:. CJ \ C.C'-'..:0 \.---... C""'\ c»~ r» v--'"'-'-".e.& c. '-' ~ \~ ~ ~

tAe..N;C ..•..~C.~j\\- ~J 4.-~.,.J""

Cj~"So.. ~ 4e.. ~ "-

Incident review: (retrospectively, might we have handled this differently?)

~(w- L--e ~ Q, vv--c>--Le ~~ C. \..e \ Co. e, ~ tJ,.h""" 10 \

./

Incident follow-up: (reporting? To whom? Follow-up steps necessary?, etc)S+- G..... '?:>"' •••\::..'-.•.•~ ~+

~Oi.c... \)C...,..,.~~"tAl>l-' r-,:\--.l~ C~\. ~ L- "L~




I_B_A_N_K_: ----'Z=---~_~_ _=S_=""~\I'__'_' '1' i?>~Scenario: Break-in at the operations center




Incident follow-up: (reporting? To whom? Follow-up steps necessary?, etc)




Scenario: Break-in at the operatlens center



Incident review: (retrospectively, might we have handled this di erent(y .

.Iii rc. ~ H-V tj u.anl LVr: IiU- 1{;~ ~I I:W:(-J.-;fJ;L.LwtU; ~O ~hj JrJ &-, JuJ -+or ~Y1 LX~ p~r D •

I~ {)JJaJ ( rLh Lc -


CL~()SL."hi IDr t I~ -fWWu.J1i-S

l?>Dltxd








-·H\~b Pr ~'V)~~ ,

- S0CVl~· q\ \ f2-e~~-l. .r1~ re_ \ L.R1/ ( QS- ~a.. 't\ ..:r~~,~~T k?e!;-POA-S.~ (?Q.<J~'-\e::==s.----- ---- {

Incident follow-up: (reporting? To whom? Follow-up steps necessary?, etc)- Q~ -+0 Bootrcl ~S\' (\IJoe..,~







Incident review: (retrospectively, might we have hanlf'led this differently?)M C) r e, S Cc.. •.• ,. e- $+0 "'CIl~C. .'

Incident follow-up: (reporting? To whom? Follow-up steps necessary?, etc)- W I II 11\e c..t to jl:..c..c: ~ or c:.. ••••\J I '"+ e • ~ G\ ~ f ,.; :S c: ~

T ,ut- ""- CV$TC .,.,e.... <:: 0 ""'''''''- v,", I cA I 1J~ S • .•. . ~11. +' . "'-.- b~i",,,, :5veot· wo ••.k ~I~ 1C!eJ\/:\/ .r~~V'~$<-t-1 ",c.s- rr»: I (!. I f" I •• oJ'; ..J

~V1.s\;"..r:::""S-':t-SS\l~ 'f'r~~S




I BANK:



How does the bank's incident response plan address such a situation? What's the protocol with respect tomeeting the local police at the site? What's the protocol with respect to meeting, reporting, cataloguing themissing elements, communicating with customers and regulators, recovering missing data, etc, etc, etc? Theoffices of the FDIC and State are open if guidance is required.


'~O-S-L ~~ )J..1:fU w.:.....~ ~"'A Slu...d ~ cka>-.~ ~ ~-~.-7~t C~VL ~ F'lbOl"" .. l:tv.-~

',\D ~.e..:\-.Ai CJL fen- ~k 0)'\ UL..



RESUMPTION PLAN

Scenario: Power is restored at mid-day on Friday

Power is back on. Is the bank trying to re-open during the day on Friday? If so, how are you communicating suchto employees and customers. If back-office personnel are reporting in, what are they doing? How are logisticsand data being synchronized with hot site mobilization/de-mobilization? In short, what managerial steps anddecisions are being made during Friday afternoon and into Friday evening?

Discussioru, \\1\ \ bt &t \ \ ~ ~ ~'-J ~ .•..\ l.c. b le. l ~~~~ '-.)~oN

r0UoUW' \e..~~.~

~~ \ ~"'-~\ o} S ~~-' '\. \ ~ s. v- ~ )- €:-~\o~s G\\ "\ ~

- V "1-.. C? I' 0 ce, ~$()4\ ~ ~~~

" ~~ '-.-e. k ~c; o~

-c, fStC~'-.JQ'(""I ~t ~,j(G..& ~NJ V--t:J~~

"t~ ~~~~s./ ~~C.. ~

.h, t L'-"-L ~ I ~

~ c.".-e-~+~ 1)o ~~ ~ \J \- C) ~ ~\....e-,", e- ~

- 9cc~\... ~~ Lo ~'-Sc-u'9..s oil( ~pJ'(jLe_9~.$ r~\j~lv M.~ <;iA~s



RESUMPTION PLAN

I BANK: ).J.



Discussion:

saT.,CY'"

C)~ ~~ ..t-~~.

,~~ ~~~ ~~d"

.U~~ ~j&~ .o J ~ n _~ ~ A.A~

" O~ ,~~~~~. ,,-v-- - J'-'

M;)P ~ J'VQ ~.

·~~r~~\....~4~~~\



RESUMPTION PLAN

I BANK:



Discussion: I~~ byOV""-- I~ iJ·re-cV701\/\

~ +-"CAl::t: OIVL t\ <{ J~~ ~ c:~tlJL--,t-.

- NUA( {Q q ~S-e~ s

~ ( ho~ a\ \-~



RESUMPTION PLAN

5av\BANK:

Scenario: Power is restored at mid-day on


Discussion:

c-- We 00\\ l 0C?~ a.~ 5001'\. GlS f Ct-W ~ '\ ':J L9-"V\.

- ~<\- \v ~ Qfl<J.JL lA.:,--\ '-\-0 1'\ 0--\ \~ ~V'f\.(J~ .

- (\o~~ ,~o ~ '"\'J ~ ~'-\ CQ~~J ILf'\G-e..o. Po~6~ L0~~~

- Bac k ~~ \~ L-u\ \ \ \~ p~ <;;;,L o~O ~~ ~o-\ I<-~~ JJCLck dcct:o.d ~o---dL

~. L0~ LA)\ \\ no--\- cLo.-m6~' G-1f-. \ ~VV\Jlc4~~

y~ <=)ho~c9 ~~~-"cc~ '5~l\ch\CJf\ l6.....

-- Qo..rQJ' ~ ~5 ¥C'0tA--l?Q-(~cZ ~ ~i"~0,fQA"V\'lQ.v\~ ~c Cj ~~. @a..(.k.. -'--<-.f ~P'(J5

~ ~e~e ~'. lP6-<~ 61'1S6-~~_1) e cd-a- I~ '8 Ct..ck- ~ \ C2.>2- ~cQ:5 ~ , \

.'" "R QN\ -e.w Y f( I!)C.... Q7 c bQQ "'>~ .":> "4 ~~

f ~Y\.5 Q'5 ~~

,.(\ n ~ "~ ~ /JQfil'll4J\~,'-j c CL.Y\ 7' '--\-\0 f\ ~CJ-'Yl( no\:S ~~ \~


Crowne Plaza Hotel, Cromwell, (T Tuesday, December 1, 2009

RESUMPTION PLAN



DiSCUSSiO~\t~~ C'el\ 1r~ _ (6f\UC O~(Q eVlA-fOI~es Ln 4-0

b~~/ (LQ~Cfl~d~~

S c\vlm\GL ~)\\)-eyIS ) bak~r9!/rU~<JI~G (\O\r ~ E'Y\c10\2 dU ~ U .. . \\~ . ~c:J_' IV) bunv-ti-

- Kv:tcllo i LoC(}L IV 'AtlS '-t'I'~ UX ()M. .~)

_ pSS<-S'> StA\,-\' ~~ - C:CV\ \JL ere)" eu bYL~Yl(.NS':,



RESUMPTION PLAN

BANK: la'-kc ~OvV{VLCl~ 1St./ }





RESUMPTION PLAN

BANK: '1Scenario: Power is restored at mid-day on Friday


CONNECTICUT BANKERS ASSOCIATION"Lights aut" A Full Immersion Business Continuity Simulation

Crowne Plaza Hotel, Cromwell, CTTuesday, December I, 2009

BANK RE-OPENING REPORT

JScenario: Bank is back in business for the day on Saturday

Operations have resumed on Saturday. You meet with the management group at 4:00 on Saturday for a lookback at how things went today after being force-closed halfway through the day Monday and operating indisaster mode for the balance of the week.

What were the greatest obstacles and concerns in re-opening today? Are there tasks that should be scheduledfor the upcoming weekend in advance of next Monday's opening? Reconciliations, entries, reports, and/orreviews that should be caught up?

Discussion:

Ie-~n~.f~/I~I~t/ ifArJ




Scenario: Bank is back in business for the day on Saturday



SeeD'/- c/ Q.,13 =:» t-

vJOJ1c!

,/, r ./.e c: 0 /I C, ("~ r, 0"" .

be. (-v'" C'';;J /s/f.e. ~Ol 0/"5

, "'5 v,,,.... GL o.ry-Y1-'t6-~,.., 0Ji'..r,' G e.

C-~~ /l t:J ~ ''}

rt"o..)- S I'/-'"




I BANK:



CD r&JWhat were the greatest obstacles and concerns in re-opening today? Are there tasks that should be scheduledfor the uocomin'p weekenClm advance of next Ki1onday's opening? Reconciliatio;S,entries, reports, and/orreviews that should be caught up?

Discussion:

/~J




I BANK:




Discussion:

.- tl\-051 QRfnCF>t-- 00~-rr\ oJ b ~ p~'V~

~;eR.. ~o;?<A~-~'

-y-o ~ o"v &t=,-n.R(:L~t

~~~j) vJ«: )9 A~sS. eps. G:5~ ~C<)?-:-b

12~\e~oa<-i t- -s'-.. QvJk?.(T'-j Pc20CK.b\;\~

H-R-~.J::::L\ ~lr- J. a-l~-A s,,"<D~Q-A~ \ c, ) 0-\ ~...l Q.k;S




I BANK: ~ ~\n0S r6en)LScenario: Bank is back in business for the day on Saturday



Discussion:

- r01$St- C\\~UV\~ - C:S (Qv\'aA. ~c-tly) ~ +lJ-'-\--- 0L.-Sckciu\L L()OrA G\O~YlaS~ 'f}AOQS5 ~V\s~d'1m31 e¥\0IY'-Q.... all poskct

~~Cl'6G~hcn dt ~C-CIlc1<; Yh\S~"nrYt RfLt~ +- \JOl- STi-C-~ ~ ~u..ncl (! lo~ af'- m~ I- fkn-

~ ~ H(Q\0~1l

-'S~ .I~

,,~ONNECTICUT BANKERS ASSOCIATIONLights0 t"U A Full Immersion Busine ...

Crowne Plaza Hotel, Cromwell cr r ss Continuity SImulation, uesday, December 1, 2009


BANK:

Scenario' Bank' b .• IS ack In business for the day on Saturday

Operations have resumed on Sat dback at how things went toda ur ay. You meet with the management roudisaster mode for the bal y ~fter being force-closed halfway through ~h : at 4:00 on Saturday for a lookance 0 the week. e ay Monday and operating in

What were the greatest obstacles and c .for the upcoming weekend in a oncerns In re-opening today? Are therereviews that should be caught dv~nce of next Monday's opening? Reconciliaf tasks that should be scheduledup. Ions, entries, reports, and/or

DiSCU~ ~

- \Q.S\cSl. . .• 0-~0l~ ~ ~~ i~'t) \2-eo:DCA\I;

O~ ~eAf\OSS ~ ~ti'l\Ll ~~ ~'('J flI' ,,"'-",",,"

. \1«-t~ ~W)~_h~ bTI;\ 01k- >~:Slf0\ \

¥S ~(m\~ QO~~ ~ \~ ~~ 5\:~ \:::> O~wl~ ~(\\~ W ~l-

CX\ \-\D~\o \JO~ '~k \ \J \W CJJ'O- ~\--a.ct-

~CA-. ~~ o$JO\~ ,*,\j(\L \n'S5~• c..onw& Ct-'r\-\coJl V~ it> ~ ~ ~

CONNECTICUT BANKERS ASSOCIATION,IILights Out" A Full Immersion Business Continuity Simulation



I BANK:


Operations have resumed on Saturday. You meet with the management group at 4:00 on Saturday for a lookback at how things went today after being force-closed halfway through the day Monday and operating in---- . -disaster mode for the balance of the week.

What were the greatest obstacles and concerns in re-openinK today? Are there tasks that should be scheduled~ .-. --, "

for the upcoming weekend in advance of next Monday's opening? Reconciliations, entries, reports, and/orreviews that should be caught up?

-€.-(/\ Su. ,', Il:S o.-U J,' Ie S LA VLd~O--l~VlCe.,cL CL~ ~~J-' '-fC.J.A_~ ~o:t ()~r 'e..r)'::::"LifLCQ)~

_ vJ""€... e.rc: OV+ So 0u ,-c e...c:£ ~ 0 u....(t-

/OCCv+GC/'YL __ w'e.. i-vJ..v'L h-ce~reSUW7 f1hWc adr~'-h'~:S

15



BANK:

BUSINESS PROCESS:

BUSINESS FUNCTION:

Description of business process under normal operating conditions:

C~>~~ y-e!u~h 1r-c~r~~cI0/ (v~d5

Minimum acceptable level of outputs and/or services during a disaster /Iimited scenario:(what we would strive to do during a serious (Katrina-scope) disaster)

Process resumption procedures following a disaster I disruption of service:(what we would do before resuming normal operations - verify, reconcile, "shakedown", etc)

CONNECTICUT BANKERS ASSOCIATION"Lights Dutil A Full Immersion Business Continuity Simulation


I BANK: / 51- ...570--t.J.~ CA

l d

I BUSINESS FUNCTION:

I PRIORITY: (HIGH, MODERATE OR LOW)


Minimum acceptable level of outputs and/or services during a disaster /limited scenario:(what we would strive to do during a serious (Katrina-scope) disaster)

l#t

Process resumption procedures following a disaster / disruption of service:(what we would do before resuming normal operations - verify, reconcile, "shakedown", etc)

.i« rq;je /&/"CJ t»/c &... f..c /: e.- 5 .

Cu lA-'> I IJ-e-r-h/>,,,.j



I BUSINESS FUNCTION: 00t-Goln6 eIDh---l,L;;lo(...o:\b~· .L--V\.\,..L..5 _

I PRIORITY: (HIGH, MODERATE OR LOW) 1-h0+tDescription of business process under normal operating conditions:

()q-S h lLttA s Ctu.. ~VJr- cUt- fw I~<i oJ-~-~T~m'N<i 1\W'JL3

Minimum acceptable level of outputs and/or services during a disaster /limited scenario:(what we would strive to do during a serious (Katrina-scope) disaster) ,

LD\~w\ ~ hcurcS -\0 O)J01~ p-~k~

~---.




I BANK: lo~ ~\\\Cf>'l:ua.LI BUSINESS PROCESS: .~ \ \

BUSINESS FUNCTION:' 00~

PRIORITY: (HIGH, MODERATE OR LOW)


/~cP~()d clo..p~it +~~6~Ull)cvJ)p~ ~U'Q ~c.~

~~~(j~'


--r()~b:d~ ~~~ ~ ~ ~~.00~d~~ ffi\-LOC-'h tOD\uin.~-\-u:J \\-nO\cu'~ " , _

"\<::> ~(l5\) ttL Q.)J.dum'($::, ~ u:>{\~~·{lLC ...W~ ~O\ ~tID,


~-Q)\\~I \j~+ +'lgr~~ .



BANK: ~ Q- , -r:2..\..)~\) \ S '"\...A",

BUSINESS PROCESS: J)exYlo..n6-- 7;>1++5\---vnnt--

IPRIORITY6;r~ODERATE OR LOW) HzrJ-"--,,kt~-------Description of business process under normal operating conditions::r~, of ()1It-i-'fW--CoW7'-ki I'kwt.S ~w- '-}-t.L

lAplo{}.£/J.d ..J.- '-Pi o.A/LDf/Vf lNed In ~-ed


PhVc.;(CCLiI'f cfj{)).A.l)~ ('feMAs -fo ant OPUCV-h~&iU1cM &1 Vne-fY>Ocv:u:,cn ~ 1XF ~'* frYYl ikd tJVl~J 0()ld m baJIld /cJca.;k'oYW

--r-\.I\f •••••v.i U/VL>h' ( (;1J.JeA /tLc!J'-f-ouc(




I BANK: ("riA. ~ ~~ ~~

'z,~ I BUSINESS PROCESS: A\'r.tl / \) b &'-6 ~Xv ~ ;:;;

BUSINESS FUNCTION: ATlYl ~~ -I- BoJ..~V\Cl


Description of business process under normal operating conditions: / "1,,./' c: .~ AM A\M J.C.a<i>h Cov.n+ z.. \-oe<-lOVlce +-0 5yo'1-cVT1 ~~ .»

?>p«) . e-,eAve10t?e- pulL ~V'.ci proc.e~~ +v tjL.~ eV\vt:-~~ pu-Cl ~lu.r1('£ .-t-v 4e.4:-evl 5 p>V~-6+-o ~ (.

-> A-\'('{\~ Qre f; lLeC.. G('I[e 0-("' ~1·Ce..- wet) OSh ca-e'So S CJ'v"Uj

vMinimum acceptable level of outputs and/or services during a disaster /Iimited scenario:(what we would strive to do during a serious (Katrina-scope) disaster)

-7 rJ,l .e.-(e c-~ q~ VVJ> A-"\ yYl'5 ~ J7 ('t':1fI'1-~ p,.-T1rV\<:"$ ,-r f"S51 6).-e- I Lqo Q. CS soon as

-ro~:s")b le. _ Cb~(l e /T,(-J-~' 5 whe re po -s 'S \ blC'~f\...... (l.e....c e:<;;? 50

I


~(v0a\J O-LL ~~l~s -+0 eo{'e.) . \aQ..\Q(1ce a.+mrs'P roLe '5 5 e.'" v-cJ dxae-s I bt.L (( VI- ( -e... ~'i6tc(Y] .

./ "13rl ~S LA- fJ as5-r:uP'



I BANK: i'MA ~~ ~

I BUSINESS PROCESS: W,"re. \r~_r_~_v_~_~ -----.J

-z.s-I BUSINESS FUNCTION: L(D~ W~ Tr~ ~~ \-Vvi.

I PRIORITV@ODERATE ORLOW)


~\1L--\v(Q\"''i k- I~ t(GU~ V\", f~)u",-,-- ~AV<A"'~

~y\~ ~ A~ o-»: ~'5~ \0 er\l J\ e. sh~ (fi(.cov4


~Isr\~ 0\L'- ~~\J<C f~UN~

K W\VLE r~B,S~ _ AlJL

"'-rv,.Jt-""~ ~~ ~~A.L_

~I p(b6 ~)--,\\)'1'A.~S~'OV p:>.r-JT I ,,\:7

N\K£S. VV\ V<;T t):b pv:;Ttro


Tt~\·,..-n,"L I {L<:':c.OJ"CA Cb (

~ f('vJ)O Jonb N



I BUSINESS PROCESS: ~ prou....a.<2..·. ~



V(5L0"A \ D~l. \"-e. e( 'F~l£_ G\.M.~\1osr T~ A.cerS. .rW'fVlO)

Minimum acceptable level of outputs and/or services during a disaster /Iimited scenario:(what we would strive to do during a serious (Katrlna-scope] disaster)

~ ~ W,,-u..\J W~I- -Iv ~ --k c~k-"- co..J.- k~t:tM& ,?O~ t=, -\-0 ~ GUJv\-o~.A~ ~ .

~'f~~ -\-v ~}O \A)~\.l-r0~ Q:~,llL'~'\.0O"'-\lsk -tA()~{l..{.Ac-h on. Q~ (L.M \ ant ~ ~ ~

W~Proce r sumption procedures following a disaster I disruption of service:(what we would do before resuming normal operations - verify, reconcile, "shakedown", etc)

~{6\1\~ t /L ~TS ,vt>-L ~ ct-Ut=-6)(..O--'0-- L k ~.-io-VJL ~ (!)...CC- ~Cf ~

ll~ .•.,A.Q.L&lc»J) ~& l3tJJCHt.UL-



I BUSINESS PROCESS: A\fh /0 B ~~l ~v-, ~

-z.? I BUSINESS FUNCTION: J?i~ ~+ &y-d~ f- ~ &. Ce-t.r-&


Minimum acceptable level of outputs and/or services during a disaster / limited scenario:(what we would strive to do during a serious (Katrina-scope) disaster) j r )

J =lo rdf?A r ru cJd~Cu' s;:j QOY1ce/ I ~L (/Jv..V?-Io! 01 t'//l~ t /

'Je" Cd? O~J + 1).-. a(l(fc~-"f q f ". n tJ ~ t/w- c:;r~vJ r-1-0otJl~ / ~ O/~ j.U J.{J {-I (I CU d S CetA-


f\.t oJ (' Of Js C<A..L O/c!e"",j~/JI o/duo Ctr/~.


$J,~vJ-1) ~ ~ ~ O"1:;O~ f¥Z'~

~ ~laJ.u ~ ~ ~ c~ ~ /L-L u.~ ~.~ ~ ff/ tl0M-

~~dif6··'i~



I BANK: 7'rlA Sow t~

I BUSINESS PROCESS: ProcJ~ Dftr_. ~_V\-/'>_. _

I BUSINESS FUNCTION: ~ ~ ~~~


Description of business process under normal operating conditions: .E'"QJ-.~~ GrIL~ ~cO -~ ~.~ u-\lIdi~->

~ l'2clvtv~ll..tMpoM \Mv~~/Dc,


-=t:s.o\~ ~~ro~ ~ 'in k ~~ OILU- pC\JJo.brrwt-or--dl G< +tJu-- to D,~~'f-er~v. ~ ilf o ~ • 1l.o.l-v I v-, c1-e.J,u, wi 24- u.: o..a ~



I BUSINESS PROCESS: .:z-:... &6'<- ~) C•.•LI BUSINESS FUNCTION:



Minimum acceptable level of outputs and/or services during a disaster / limited scenario:(what we would strive to do during a serious (Katrina-scope) disaster)


jJ~ ~ c4 t.,} 5;/e



I BANK: /5"'±:- ·Sc.-v~ J5~LI BUSINESS PROCESS: "::r-~ c.o-.- "'aI BUSINESS FUNCTION:

I PRIORITY:~ MODERATE OR LOW)




Feci 7(- /.~ /YlJ u.-d v~

/l/~n-c~4 e~-h/,dh/~;I-

{<n<-f'"'/"""- d..("F' wL UeJ..rlA.J I//r'"/v,.-'~ de-en ,0",>

av.. d eLf" .1" -e s s ~I- 0/ j?gp e:

/ I



BUSINESS PROCESS: \". V\.

BUSINESS FUNCTION:

I PRIORITY: (HIGH, MODERATE OR LOW) WiqhDescription of business process under normal operating conditions:

1nUil'Ylil"1 Cash L.::HetL. oU-+Sau~L-ed -b dcd-o. c~ •

Minimum acceptable level of outputs and/or services during a disaster / limited scenario:(what we would strive to do during a serious (Katrin~-scOpe) disaster). ~

Local \c~e.\ - p(6GeS5 r..e.scd-s /r.etvrn l-TanS

reC6\J~()u\;,'4 f CGn-\-\(l\J"C:.. ~ ~ dcd-e:l G.O{l:~ pmce5U'

\ncominq easY\. \-e ~


CONNECTICUT BANKERS ASSOCIATIONII Lights Out" A Fu/llmmersion Business Continuity Simulation


I BANK: 3 r.d- 5a\I]'~S ~GJ\16~ _

I BUSINESS PROCESS: bU\\11 Wh L7vJl1flCi AA~ ~~~+\----------------------~


I PRIORITY: (HIGH, MODERATE OR LOW) tb9~h~/ -----Description of business process under normal operating conditions:

5£\(- e-)<r\'~

Process resumption procedures following a disaster / disruption of service:(what we would do before resu ining normal operations - verify, reconcile, "shakedown", etc)


prCNe \u e sdCLA-.\ --.fn S+o..,rct--

5e.+\\e.. \V\-conv'nl1 L4$. h \c..{-\O'h

~ (jJ.\~ffi\UIC{ -\-\1(1)~ h ~ cav\OJ-



I BANK: 3rtl S ~- O'Oi\q~s---",~,-",---_~ _

BUSINESS PROCESS:

BUSINESS FUNCTION:




5?lcc--r ~ ~ pY'DC-eSS

6lJt5~\ --r~So..c::H~S




BANK:

BUSINESS PROCESS:


I PRIORITY: (HIGH, MODERATE OR lOW)


Minimum acceptable level of outputs and/or services during a disaster / limited scenario:(what we would strive to do during a serious (Katrina-scope) disaster)




I BANK: S+.b ,S;;;J\ n0S t3-'---<.Wl'---.:\'---L _

I BUSINESS PROCESS: l0t(L<L U0nSK ~\hD-S

I BUSINESS FUNCTION: --.Lx1c.o.rn\ 0j u)\YUL, +r1-&VlSUJ\ s

I PRIORITY: (HIGH, MODERATE OR LOW) l:±ua±t---------


'~'n::u$:.e..-+eA W \Y'LQ...., G\d-Y\srnl S'S'IO'J


Cvill- ~\~ks -\0 vU~t COV\clw1C-.L


~~()'l~ lXlpos)"'d 0-clhSo>d\(Y\5 i CM-W W'i'~"-

~ (LLt-cYCt h-I



I BANK: ~.~ S'mi\ Yl6s bAnK.I BUSINESS PROCESS:I-.\ems ¥iZOQ.lLSS-; o5

I PRIORITY: (HIGH, MODERATE OR LOW) 8\0 it


CU,-\-SC\)(LO-c.. --\0 CoSC- ~\~ OK - no ~VI~

~ dtslWphO) a+ ~\;\CL


yu\\~ b~rs~ctlO"-j~JU-~.~lL- m&YIUw~ ,

the navis group ice storm test... · 2019-03-18 · the sisavings bkbank havenford, ct the bank...

Documents