12 CFR § 609.935 - Business planning.

---
identifier: "/us/cfr/t12/s609.935"
source: "ecfr"
legal_status: "authoritative_unofficial"
title: "12 CFR § 609.935 - Business planning."
title_number: 12
title_name: "Banks and Banking"
section_number: "609.935"
section_name: "Business planning."
chapter_name: "FARM CREDIT ADMINISTRATION"
subchapter_number: "B"
subchapter_name: "FARM CREDIT SYSTEM"
part_number: "609"
part_name: "CYBER RISK MANAGEMENT"
positive_law: false
currency: "2026-04-05"
last_updated: "2026-04-05"
format_version: "1.1.0"
generator: "[email protected]"
authority: "Sec. 5.9 of the Farm Credit Act (12 U.S.C. 2243); 5 U.S.C. 301; Pub. L. 106-229 (114 Stat. 464)."
regulatory_source: "88 FR 85832, Dec. 11, 2023, unless otherwise noted."
cfr_part: "609"
---


# 609.935 Business planning.

The annually approved business plan required under subpart J of part 618 of this chapter, and § 652.60 of this chapter for System institutions and the Federal Agricultural Mortgage Corporation, respectively, must include a technology plan that, at a minimum:

(a) Describes the institution's intended technology goals, performance measures, and objectives;

(b) Details the technology budget;

(c) Identifies and assesses the adequacy of the institution's entire cyber risk management program, including proposed technology changes;

(d) Describes how the institution's technology and security support the current and planned business operations; and

(e) Reviews internal and external technology factors likely to affect the institution during the planning period.