1. Credit Union IT Leadership Series:
5 Ways to Disaster-proof Your Credit Union’s IT Environment
Disaster preparedness planning is one of the most common reasons credit unions engage our firm. And rightfully so,
it is one of the most important elements of effective information systems management for a credit union of any size.
Although a credit union’s ability to withstand large (and not so large) catastrophic events has always been relevant,
there has never been more emphasis on disaster recovery (“DR”) as a practice. Ask an industry expert and you’ll
learn that this is primarily due to two factors: One, an ever growing reliance on data, information, technology, and
Internet; and two, oddly enough, Hurricane Katrina.
In recent years a credit union’s reliance on information technology has grown exponentially. Think of the ways we
rely on technology today that we did not just five or ten years ago. To service the daily needs of our membership we
lean on our ability to quickly and efficiently access not just core processor data but many sources of information and
databases that support our roles. Beyond the core processor, credit unions rely on email and voice communications,
web portals, lending platforms, third party payment and processing services, ATM connectivity, CRM and MCIF
systems, file and document imaging services – the list goes on and on.
While Hurricane Katrina isn’t the only other reason there has been increased emphasis
on DR, it was a huge contributor to why regulating bodies started to highlight the need
for credit unions to more thoroughly, creatively, and urgently act to improve their DR
capabilities. Our take: a huge natural disaster should not be your only impetus to
improve your credit union’s ability to respond to a disaster. More often than not, our
credit union experts are focused on the more menial of “disasters”, think simple power
failures or internet connectivity issues.
Since each credit union is truly unique, professional assistance should be sought when
necessary. Many of our credit union clients internally feel comfortable with many
regulatory issues affecting their business but often feel uncomfortable about IT related
compliance requirements due to unfamiliarity with the subject matter. There are a host
of qualified service providers that can assess your individual needs and make recommendations for policy and
procedural changes as well as environmental improvements.
The good news is, there are many ways your IT disaster recovery plan can be improved. This article will introduce
you to five ways to “disaster-proof” your credit union’s IT environment. And while having said that, we all know
there is no way to truly disaster-proof your environment; however, solid planning and preparedness can greatly
reduce the likelihood of a simple or severe disaster creating downtime for you, or more importantly, your
membership.
Encompass Group, LLC | 2310 Superior Avenue E, Suite 010 | Cleveland, Ohio 44114 | 216.539.0100

2. Here are five basic concepts to consider when designing your credit union’s IT disaster recovery plan:
1. Always start with a comprehensive risk analysis. The most prepared credit unions have
a deep understanding of their systems both technically and functionally. Technically you
must have detailed documentation of all aspects of information systems including network
configuration, platforms, and line of business applications. Start with the application
environment by taking a detailed inventory of software, who depends on each, and their
criticality to maintaining member service. Since access to these applications is so important
to maintaining member service, it is important to complete an in depth situation analysis.
Think in terms of, if this happens, then what. For example, if internet connectivity is
disrupted, what does this impact? Does it impact ATM connectivity? Access to core
processor? Does it impact everyone or just the branch environment? If a specific lone event
can cause disruption to a critical function, it is considered a single point of failure. A
comprehensive risk analysis aims to minimize single points of failure. Based on size and
budget, some credit unions seek to eliminate single points of failure altogether, while in
some cases it is enough to identify the single point of failure and institute a failover
strategy. These strategies should be documented in your procedure manual.
2. Don’t forget non-core processor systems! There is a natural tendency for credit unions to
focus so pointedly on their core processor that they often lose sight of other systems they
deeply rely on. No doubt the core processor is the single most important system in place for
any financial institution but it can be similarly important to maintain accessibility to such
ancillary systems as: document management and imaging, lending platforms, email and
collaboration systems, CRM and MCIF systems, etc. Don’t forget these critical systems
when considering your disaster preparedness strategy.
3. While technology is important, credit unions often misjudge their dependency on the
human aspect of IT. Maintaining uptime of critical systems is important; however, what
would happen if your IT team, often a single individual, were to disappear? Does your
credit union have the detailed documentation in place necessary to pick up the pieces and
move forward? Does your credit union rely on a single person to maintain access to critical
systems? If so, this can be a security and disaster preparedness risk. Also, on the topic of
the human aspect IT, does your member-facing staff have a good understanding of backup
procedures and how to communicate to a member when systems are temporarily down?
Training is important here. Also, consider working with your IT staff or provider to draft a
comprehensive set of systems documentation including credentials, systems configurations,
scenario analysis, etc. Store this in a safe place, one that is accessible even in a disaster
situation – that’s when you’ll need it most.
Encompass Group, LLC | 2310 Superior Avenue E, Suite 010 | Cleveland, Ohio 44114 | 216.539.0100

3. 4. Have a solid and actionable testing procedure in place, and follow-through. Once your
credit union has solid disaster preparedness policies and actionable procedures in place it is
important to have a regularly scheduled testing routine. Consider monthly, quarterly,
semiannual and annual testing procedures. Document frequencies and timelines. Document the
results of each test and resulting action items. For example, too often we see credit unions that
take daily backups and rarely (if ever) complete a test restore to ensure their backup data is
actually usable in a disaster situation. Typical testing activities include: backup battery testing
and runtime analysis, generator failover testing and runtime analysis, test restore of backup
data, testing of backup internet connectivity and failover functionality, testing of alternate
access to core processor systems, etc. Consider a regularly scheduled mock disaster with your
team.
5. Consider new technologies: virtualization, remote backups, wireless functionality. There
are a myriad of new technologies today that weren’t available or were not cost effective just
two or three years ago. One technology is virtualization; consider this technology to not only
reduce the size of the server environment but to also reduce restoration time in a disaster
scenario. For example, a server your credit union relies on can often be virtualized and imaged
in a way that can be rapidly restored if necessary, thus reducing downtime when disaster
strikes. Remote data backups are another technology that has minimized many credit unions’
dependency on tape-based backups and also increases data security and reduces cost. New
wireless functionality exists today that can provide internet connectivity to an entire credit
union or branch office in an internet outage situation. This technology uses a router equipped
with a cellular receiver that can utilize a wireless carrier to stream internet to the financial
institution. These are just three new technologies, there are more available and more coming
down the pike, consult a credit union IT professional for more ideas.
Learn more at our website: www.encompassgroupllc.com
About Encompass Group, LLC
We help credit unions better utilize technology to support their goals as well as meet and maintain regulatory standards.
The technical requirements facing today’s credit unions are often more challenging than comparably sized for-profit companies. That is why our team has developed
specific skill sets to address those challenges – enabling our credit union clients to operate more efficiently and to focus on what they do best: servicing and growing
their membership.
Encompass Group, LLC | 2310 Superior Avenue, Suite 010 | Cleveland, Ohio 44114 | 216.539.0100