Business Continuity Program (BCP)
CastleGarde’s Business Continuity Program is developed to assist credit unions in managing a serious disruptive crisis in a controlled and structured manner. Business Continuity Planning is a key part of the three-part umbrella encompassing an organization’s Business Continuity Management Program: Business Continuity Planning, Disaster Recovery and Incident Response. A Business Continuity Plan should support enterprise-wide recovery of critical systems. It must include a Business Impact Analysis (BIA), an evaluation of strategy alternatives, and the development of business continuity plans for key business functions, and it must incorporate critical and essential business functions for your Business Continuity Program.
CastleGarde utilizes guidance from the Federal Financial Institutions Examination Council (FFIEC) Business Continuity Management Handbook, Appendix B to NCUA Part 749 and other industry best practices to develop a comprehensive living document. The document supports proactive measures to mitigate disruptive events, aligns with the credit union’s strategic goals and objectives, and remains compliant with regulations to safeguard member, employee and organization information, products and services.
CastleGarde applies an industry-standard project methodology consisting of the following five project phases:
This is the identification phase of the engagement. CastleGarde works with management and departments to assess critical functions, essential staffing, systems requirements and other aspects for recovery after a disaster event. CastleGarde also reviews existing Business Continuity Plans to identify gaps or recovery strategy alternatives and delivers a summary “Trip Report” to the client.
After reviewing the Trip Report with the client, CastleGarde develops the Business Impact Analysis (BIA), Critical Prioritization Matrix and Risk Analysis, which together form the framework for the full Business Continuity Plan (BCP). These critical components identify the resiliency planning, mitigation controls and impacts of a contingency event on an organization. Once the BIA and Risk Analysis are reviewed, CastleGarde begins development of the full BCP.
CastleGarde works with the client to develop, validate and implement the enterprise-wide Business Continuity Plan utilizing the framework developed in the BIA. A final, editable version of the BCP is then delivered to the client after all draft revisions are completed.
Managing the BCP after implementation includes an annual BCP Tabletop Exercise that meets FFIEC and NCUA regulatory guidance, led by CastleGarde with the BCP Team and other Management Team members. The Tabletop Exercise can be contracted as an onsite or remote exercise based on client needs. Following the BCP Tabletop Exercise, a final report analysis with any identified outcomes and a recovery rating completes the engagement.
CastleGarde offers the option to contract for Annual Maintenance of the Business Continuity Plan to ensure the Credit Union maintains the plan according to regulatory guidance and changes.