SEATTLE-Since the terrorist attacks of September 11, what to do following a disaster are at the top of credit unions' list of vital questions, particularly since several credit unions were directly affected by the events. More recently, flooding in Texas and fires throughout states in the West have brought the issue of carrying on business in these environments to the forefront. At NAFCU's 35th Annual Conference, Counter Intelligence Associates President Thomas Glatt advised credit unions in the breakout session, Beyond "Disaster Recovery" to Business Resumption. The most important issue is protecting employees and members, as well as property. "If you do really good disaster recovery, you will protect human life and property," he explained. Credit unions must also minimize the effect of a disaster on the credit union and its members and minimize the potential for financial loss or exposure. However, Glatt warned, "The financial loss isn't nearly as much as the emotional loss." He referred to the experience of XCEL Federal Credit Union CEO Jim Wisnieski, who introduced Glatt, when the World Trade Center collapsed. Additionally, credit unions and their management are responsible for ensuring organizational stability, including having a succession plan, and ensuring orderly and timely resumption or continuation of operations. In the disaster planning process, credit unions must start by obtaining senior management commitment to coordinate and assist in creating a contingency plan, Glatt suggested. A steering committee should be formed from representatives of key departments to supervise the development, implementation, and maintenance of the plan. Each credit union is different and must assess its own risks, including natural, technical, and man-made threats, he recommended. Examples of potential natural threats include earthquakes, fire, or wind damage. Technical crises can include power failure, telecommunications failure, or a gas leak. Human threats can range from a simple data entry error to malicious damage and destruction. Disasters should be ranked according to probability for the individual credit union based on credit union or regional history. Next, credit unions must evaluate functional operations, critical personnel, information, processing systems, vendors' equipment, documentation, storage of vital records, and policies and procedures on a continual basis. Processing and operations must also be prioritized, whether performed on-site or outsourced, and must be reviewed periodically. Recovery strategies and procedures could include reciprocal agreements, multiple computers and data centers, vendor supplied equipment or a combination of these. These agreements should be secured for specific recovery alternatives, according to Glatt. Make sure the entire plan is captured in writing, he recommended. Update the plan as changes arise. Finally, seek board approval as required by the Federal Financial Institutions Examination Council. The board should revisit the plan annually, Glatt said. [email protected]