Board of Governors of the Federal Reserve System

The Federal Financial Institutions Examination Council (FFIEC) has revised the February 2015 version of the "Business Continuity Management" (BCM) booklet of the FFIEC Information Technology Examination Handbook (IT Handbook). The BCM booklet is one of 11 booklets that make up the IT Handbook.

This booklet discusses BCM governance and its related components, including resilience; strategies, and plan development; training and awareness; exercises and tests; maintenance and improvement; and reporting for the board of directors. Additionally, this booklet outlines the principles of BCM to help examiners determine whether management adequately manages risk related to the availability of critical financial products and services. The booklet includes examination procedures, addressing:

• BCM concepts as part of information security.
• Various management-related concepts from other booklets of the IT Handbook.
• Elements related to BCM such as the identification of critical business functions, interdependency issues, and training programs.

The BCM booklet and the other booklets in the IT Handbookare available on the FFIEC website at:  http://ithandbook.ffiec.gov/it-booklets.aspx.

Reserve Banks are asked to distribute this SR letter to the Federal Reserve-supervised institutions in their districts, as well as to their supervisory and examination staff. Questions regarding the revised guidance should be addressed to the staff in the Board's Systems and Operational Resiliency Policy section. In addition, questions may be sent via the Board's public website.¹

Notes: