De Nederlandsche Bank N.V. May Assessment Framework for Financial Core Infrastructure Business Continuity Management
De Nederlandsche Bank N.V.
May 2011
Assessment Framework for Financial Core Infrastructure Business Continuity Management
Contents
INTRODUCTION
BUSINESS CONTINUITY MANAGEMENT STANDARDS
STRATEGY / POLICY
BUSINESS IMPACT ANALYSIS / RISK ANALYSIS
SCENARIOS / MEASURES
TESTING / MONITORING
MANAGEMENT AND MAINTENANCE
CRISIS MANAGEMENT AND COMMUNICATIONS
Introduction

In 2004, the Assessment Framework for Business Continuity Planning (BCP) was launched as a framework for banks and market infrastructures. In 2006, this range of criteria was supplemented with guidelines for the continuity of the human factor for critical systems / operational processes. In 2010 the framework was reviewed in light of the further development of standards by standardisation institutes,[1] market best practices and the development and review of norms by financial authorities.[2] This latest review has led to the present Assessment Framework for Financial Core Infrastructure (FCI) Business Continuity Management (BCM).[3]

This framework is in alignment with the continuity element in a number of international assessment frameworks[4] of these financial authorities. It was drafted to supplement these international frameworks because the FCI for payment and securities systems includes both financial market infrastructures (FMIs such as clearing and settlement firms) and banks, whereas the international frameworks concern either (part of the) FMIs or (part of the) banks.

De Nederlandsche Bank (DNB) and the Netherlands Authority for the Financial Markets (AFM) employ this Assessment Framework to determine to what extent its standards are adhered to by the institutions that make up the FCI. Compliance with the standards in this Assessment Framework for FCI Business Continuity Management does not relieve institutions from the obligation to comply with international assessment frameworks (such as those of the BIS/IOSCO), where they apply to e.g. specific systems.

As the FCI consists partly of institutions providing payment and securities settlement systems and partly of institutions participating in such systems, the providers of systems may impose requirements on participants in terms of security and of business continuity. Participants must be alert to this and meet such requirements.

Business continuity is linked with several related fields of expertise: information security, physical security, crisis management and, in a broader sense, (operational) risk management. In the business continuity process, these relationships must be taken into account and policy and measures must be in alignment. Yet while the subject of crisis management will be explicitly reflected in the standards of this Assessment Framework, other related fields of expertise will not.

[1] Such as BS of the British Standards Institute
[2] Such as the European Central Bank (ECB), the Committee on Payment and Settlement Systems (CPSS) of the Bank for International Settlements (BIS), the International Organization of Securities Commissions (IOSCO), the Basel Committee on Banking Supervision (BCBS) and the Joint Forum (which represents the BCBS, the IOSCO and the International Association of Insurance Supervisors (IAIS)).
[3] The scope of the FCI includes institutions responsible for the principal transaction flows and principal payment and securities settlement systems in the Netherlands. They include market infrastructures as well as participants in these infrastructures.
[4] CPSS Core principles for systemically important payment systems, CPSS/IOSCO Recommendations for securities settlement systems, CPSS/IOSCO Recommendations for central counterparties, BCBS / Joint Forum High Level Principles for Business Continuity, ECB Business continuity expectations for systemically important payment systems.
They are dealt with on a supra-institutional level by several consultation structures created and run by the Dutch financial sector itself. Specifically for business continuity, the Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) has been set up to discuss policy issues and share experiences in the field of business continuity and the protection of critical infrastructures. Within this Platform, the FCI institutions discuss issues such as the application of best practices, and formulate joint criteria for critical service providers.

As regards supra-institutional operational crises in payment and/or securities systems, a Tripartiet Crisismanagement Orgaan (TCO) was set up in which DNB, the AFM and the Ministry of Finance participate. In this crisis management structure, the institutions participating in the FCI are represented in a consultative body and three advisory committees.

The rest of this document discusses the actual norms: (1) strategy and policies in business continuity management; (2) business impact and risk analyses; (3) scenarios and measures; (4) testing and monitoring; (5) management and maintenance; and (6) crisis management and communications.
Business Continuity Management Standards

1. Strategy / policy

Every institution must have a board-approved business continuity policy and business continuity plan (BCP) in place.[5] The policy and plan combine to form an essential element in the institution's overarching operational risk management framework, with which they must be in line.

The BCP identifies the critical operating processes and associated systems, and lays down the strategy, policy principles and objectives regarding the continuity of these critical operating processes. Identification of the critical operational processes must be based on a business impact analysis (BIA). The plan must furthermore specify and explain the maximum acceptable timespan during which operating processes and systems may be inoperative. This timespan determines the recovery time objective or RTO, which is the time needed to restore the processes and systems to working order. Apart from the RTO, the BCP must also define the objective for the maximum acceptable data loss (Recovery Point Objective).

Based on an analysis, threat scenarios must be drawn up describing various potential disruptions of operating processes, taking account of both external and internal threats. These scenarios should also provide for measures to safeguard realisation of the service levels agreed with the stakeholders and laid down in the relevant service level agreements. The measures must be based on a risk analysis.

The plan must address specific aspects such as the organisation's international dimension and the consequences of, e.g., outsourcing or offshoring. Where institutions participate in clearing and/or settlement systems, reference must be made to the requirements to be met in this context by the participants. The plan must also identify the national and international assessment frameworks and standards[6] that must be satisfied.

Keeping the plan up to date is a continuous process involving periodical formalisation, as per policy, and ad hoc formalisation in the event of far-reaching changes in the organisation, operating processes or systems. An institution's business continuity management must be assessed by an independent party such as an internal or external auditor.

[5] Policy and plan may consist of a coherent set of documents.
[6] Examples are the BIS, CPSS and IOSCO principles and recommendations.
2. Business impact analysis / risk analysis

Business impact analysis / critical operating processes and systems

Every institution must perform a business impact analysis to determine the consequences of complete or partial malfunctioning of an operating process. Such an analysis results in an inventory of critical operating processes and systems / resources. The analysis should include not only the impact of the malfunctioning process on the institution, but also the impact on the payment and securities systems of which the process / system concerned forms part. The extent to which other institutions depend on the proper functioning of a process counts towards its degree of criticality. The business impact analysis must be kept up to date and performed after every implementation of a new process / system or every major change.

Risk analysis / scenarios and measures

Every institution must have performed a risk analysis, identifying per critical process / system the direct and underlying possible causes of its malfunctioning. Next, an inventory is made for each of the threat scenarios identifying what measures are in place or what measures might be taken to mitigate the risk (probability and impact). Finally, the residual risks accepted by the board must be documented. These steps are summarised in Table 1.

TABLE 1 Steps of a risk analysis
Why is the process unavailable? (Partial) unavailability of (and/or): People, IT systems[7], Communications[8], Buildings[9]
What is the cause? Natural calamities (fire, storm, earthquake, flood etc.); Technical failure (hardware / software malfunction, power cut etc.); Organisational failure (human error, sickness etc.); Wilful malice (sabotage, terrorism, cybercrime etc.)
What controls / measures are available? Measure / control categories: Preventive, Detective, Corrective, Response
What residual risks remain? List of accepted residual risks

One element of such a risk analysis is the identification of single points of failure.
These may not only be of a technological nature but may also relate to an organisational unit or to the concentration of essential knowledge in one or very few staff members. The risk analysis must be kept up to date and be repeated after every implementation of a new process / system or every major change. The risk analysis outcome must be endorsed at least annually by the management, whether or not any changes have been made to processes or systems.

[7] Including data/information.
[8] Includes both voice and data communication facilities.
[9] Includes infrastructural facilities such as power and water.

Dependence on service providers / participants

The risk analysis must concern itself explicitly with the organisation's dependence on utilities and basic facilities (power, gas, water, telecommunications) and external service providers; the specific risks which such dependence implies for the continuity of critical processes; and the measures taken against each such risk to ensure continuity. The BCP must specify clearly what agreements have been made with the service providers concerned, the form and manner in which information on the measures of the service providers and their performance vis-à-vis the service level agreements is available, and how guarantees are obtained with respect to implementation and operation of these measures. Such specification may be in the form of references to the relevant contracts and service level agreements. The institution must also have contemplated possible alternatives to safeguard the continuity of utilities and basic facilities.

The Financial Market Infrastructures (FMI) consist of institutions that manage clearing and settlement systems in which other FMIs and/or financial institutions participate, or that provide other infrastructural services. Such FMIs must, in their risk analysis, explicitly consider the risks to their systems arising from the activities of participants. Based on the analysis, participants in a system must be bound to operational requirements corresponding to the importance of each participant in that system.

3. Scenarios / measures

The risk analysis yields an overview of the risks and mitigating measures for several scenarios. Certain aspects need explicit attention.

Human factor

The BCP must make clear in what way the human factor has been accounted for.[10] The human factor should pose as little difficulty as possible in the continuation of business processes and IT support systems.
The BCP must set forth whether and how the deployment of (other) employees after a calamity may be organised.

Maximum tolerable period of disruption

The measures in respect of the various scenarios must aim to ensure that critical operating processes and systems can be resumed within the applicable RTOs. The RTO for each process must be in line with the terms of the applicable service level agreement. For certain processes (e.g. clearing and settlement) the possible existence of (inter)national regulatory requirements must be taken on board.

[10] Note: this Assessment Framework does not regard the emergency response plans that aim to bring personnel to safety in a calamity situation.
Alternative premises

Every institution must be able to move its critical processes and systems from its primary location to one or more alternative locations. In many cases, there are several alternative locations, often with ICT set apart from the business. The alternative locations must have different risk profiles as compared to the primary location. Measures ensuring adherence to the RTO must take into account the time needed to take the relocation decision. Employees' transfer time to the alternative location must also be taken into account. An institution must also have elaborated recovery plans describing the activities that need to be undertaken to return to the normal situation.

Aspects to be considered in determining locations' risk profiles are:
1. The composition and capacity of the infrastructure in the alternative sites must be sufficient to allow the operation of critical processes to be taken over from the primary sites.
2. Sufficient numbers of personnel must be able to be deployed on the alternative locations to ensure continued operations within the RTO.
3. The distance between and access to the locations must take into account the risk of traffic congestion, obstruction resulting from natural disasters (which may impact both locations simultaneously) and the time needed to move from one location to another.
4. Disruption of utilities and basic facilities (power, water, telecommunications) must where possible be capable of being circumvented, or else the likelihood of disruption must be mitigated to an acceptable level.

4. Testing / monitoring

The continuity measures in the BCP must be tested regularly. This includes testing the emergency relocation of processes and systems under several different scenarios, including large-scale disruptions and the switchover from the primary to one or more alternative sites. Testing should involve the relocation of both IT systems and business processes.
Service providers must be involved regularly in such tests, and in the case of FMIs, so should critical participants. Depending on the importance of a business process or system, measures must be tested at least once a year. The test results must be recorded in reports mentioning identified deficiencies and points for attention, appointing a unique problem owner and stating a resolution period. The BCP must include a testing calendar stating the testing schedule and describing a procedure for the way the test results are to be incorporated in the BCP.

The relevant institutions must implement an incident management process (detection, escalation, analysis and monitoring of incidents). After all, incidents may also provide an indication that measures need to be reviewed.
5. Management and maintenance

Business continuity is a responsibility of the process owner. The institution must ensure that responsibility for business continuity management is allocated explicitly within its hierarchy. Sufficient capacity must be made available to fulfil this responsibility. The resulting business continuity organisation must be documented, including a clear description and delineation of duties concerning the management and maintenance of the business continuity plan. Maintenance includes keeping abreast of developments in national and international standards and assessment frameworks, of (international) legislation and of changes taking place within the organisation and in service level agreements.

6. Crisis management and communications

Every institution needs to have a crisis management organisation in place whose mandate enables it to take decisions and activate measures in case of an operational calamity. The crisis management organisation reports to the board. The organisation and its associated plans and procedures must be clearly documented.

Every institution must have a communications plan describing the way in which, in case of a calamity, communications to all stakeholders are to be organised as adequately as possible. Stakeholders include, in any case, clients, staff, the other FCI institutions, regulators and the media.

The crisis management organisation, procedures and communications plans for the individual institutions must mesh with the organisation, procedures and agreements in the context of operational sector crisis management as applicable to the Financial Core Infrastructure.

The crisis management organisation, procedures and communications plans of individual institutions must be tested regularly (in accordance with policy) but at least once a year. The test results must be recorded in reports mentioning identified deficiencies and points for attention, appointing a unique problem owner and stating a resolution period.
At the sector level, this must happen at least once every three years, with participation by all institutions belonging to the FCI.
More informationBUSINESS CONTINUITY POLICY
BUSINESS CONTINUITY POLICY Last Review Date Approving Body n/a Audit Committee Date of Approval 9 th January 2014 Date of Implementation 1 st February 2014 Next Review Date February 2017 Review Responsibility
More informationAssessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC
Assessing Your Disaster Recovery Plans Gregory H. Soule, CPA, CISA, CISSP, CFE Andrews Hooper Pavlik PLC Andrews Hooper Pavlik PLC Agenda Business Continuity Concepts Impact Analysis Risk Assessment Risk
More informationOffsite Disaster Recovery Plan
1 Offsite Disaster Recovery Plan Offsite Disaster Recovery Plan Presented By: Natan Verkhovsky President Disty Portal Inc. 2 Offsite Disaster Recovery Plan Introduction This document is a comprehensive
More informationBusiness Continuity Management Framework 2014 2017
Business Continuity Management Framework 2014 2017 Blackpool Council Business Continuity Framework V3.0 Page 1 of 13 CONTENTS 1.0 Forward 03 2.0 Administration 04 3.0 Policy 05 4.0 Business Continuity
More informationBusiness Continuity and Risk Management. Ken Kaberia Principal BCM Officer, Enterprise Risk Safaricom Limited
Business Continuity and Risk Management Ken Kaberia Principal BCM Officer, Enterprise Risk Safaricom Limited What does Business Continuity mean? Business Continuity Management- Definition Business Continuity
More informationBusiness Continuity Planning (BCP) 101
2011/EPWG/WKSP/004 Intro 1 Business Continuity Planning (BCP) 101 Submitted by: Business Continuity Management Institute Workshop on Private Sector Emergency Preparedness Sendai, Japan 1-3 August 2011
More informationGuidelines on business continuity for market infrastructures
1. Introduction Guidelines on business continuity for market infrastructures In July 2013 the Banca d Italia issued a set of requirements for business continuity for banks (Annex A). The increasing complexity
More informationAttachment #2. BUSINESS CONTINUITY PLAN Plan Development Guidelines
Version 2 May 2004 TABLE OF CONTENTS PURPOSE OF DOCUMENT... 2 ASSOCIATION RULE REQUIREMENT BY-LAW NO. 17.19.... ERROR! BOOKMARK NOT DEFINED. GUIDELINES FOR NING... 2 SCOPE OF THE PLAN... 2 GOVERNANCE AND
More informationRESERVE BANK OF VANUATU OPERATIONAL RISK MANAGEMENT
RESERVE BANK OF VANUATU DOMESTIC BANK PRUDENTIAL GUIDELINE NO 12 OPERATIONAL RISK MANAGEMENT 1. This Guideline outlines a set of principles that provide a framework for the effective management of operational
More informationBy. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd
BS 25999 Business Continuity Management By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd 1 Contents slide BSI British Standards 2006 BS 25999(Business Continuity) 2002 BS 15000
More informationSouth Norfolk Council Business Continuity Policy
South Norfolk Council Business Continuity Policy 1 Title: Business Continuity Policy Date of Publication: TBC Version: 2 Published by: Emergency Planning Team Review date: April 2014 Document Owner: Document
More informationBusiness Continuity Planning
Business Continuity Planning Public Entities Risk Management Forum 5 th July 2012 Presented by Mark Penberthy FBCI Overcoming Practical Challenges Business Continuity Management (BCM) AGENDA 1. What is
More informationMapping of outsourcing requirements
Mapping of outsourcing requirements Following comments received during the first round of consultation, CEBS and the Committee of European Securities Regulators (CESR) have worked closely together to ensure
More informationIl nuovo standard ISO 22301 sulla Business Continuity Scenari ed opportunità
Il nuovo standard ISO 22301 sulla Business Continuity Scenari ed opportunità Massimo Cacciotti Business Services Manager BSI Group Italia Agenda BSI: Introduction 1. Why we need BCM? 2. Benefits of BCM
More informationNORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)
NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) Subject and version number of document: Serial Number: Business Continuity Management Policy
More informationCPSS-IOSCO S Principles for Financial Market Infrastructures (FMIs)
White paper Consistent and objective assurance enables compliance Highlights CPSS 1 -IOSCO 2 raise the bar for financial market infrastructures and their critical service providers to help achieve effective
More informationBUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS
BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS DIRECTORATE OF BANKING SUPERVISION AUGUST 2009 TABLE OF CONTENTS PAGE 1.0 INTRODUCTION..3 1.1 Background...3 1.2 Citation...3
More informationChecklist of ISO 22301 Mandatory Documentation
Checklist of ISO 22301 Mandatory Documentation 1) Which documents and records are required? The list below shows the minimum set of documents and records required by ISO 22301:2012 (the standard refers
More informationFederal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION
Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 MARCH 2008 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT
More informationBusiness Continuity Management Policy
Business Continuity Management Policy Business Continuity Policy Version 1.0 1 Version control Version Date Changes Author 0.1 April 13 1 st draft PH 0.2 June 13 Amendments in line with guidance PH 0.3
More informationDORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Performance, Risk and Business Continuity Management Policy
Not Protectively Marked Item 6 Appendix B DORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Management Policy The Dorset & Wiltshire Fire and Rescue Authority () is the combined fire and rescue authority for
More informationBUSINESS CONTINUITY POLICY
BUSINESS CONTINUITY POLICY Document Type Corporate Policy Unique Identifier CO-038 Document Purpose To provide a structure through which: i. A comprehensive business continuity management system (BCMS)
More informationInformation Security Policy. Chapter 11. Business Continuity
Information Security Policy Chapter 11 Business Continuity Author: Policy & Strategy Team Version: 0.5 Date: July 2008 Version 0.5 Page 1 of 6 Document Control Information Document ID Document title Sefton
More informationBUSINESS CONTINUITY PLAN OVERVIEW
BUSINESS CONTINUITY PLAN OVERVIEW INTRODUCTION The purpose of this document is to provide Loomis customers with an overview of the company s Business Continuity Plan (BCP). Because of the specific and
More informationBusiness continuity management policy
Business continuity management policy health.wa.gov.au Effective: XXX Title: Business continuity management policy 1. Purpose All public sector bodies are required to establish, maintain and review business
More informationSubject: Internal Audit of Information Technology Disaster Recovery Plan
RIVERSIDE: AUDIT & ADVISORY SERVICES June 30, 2009 To: Charles Rowley, Associate Vice Chancellor Computing & Communications Subject: Internal Audit of Information Technology Disaster Recovery Plan Ref:
More informationGlobal Statement of Business Continuity
Business Continuity Management Version 1.0-2014 Date October 18, 2014 Status Author Business Continuity Management (BCM) Page 1 of 8 Table of Contents 1. Credit Suisse Business Continuity Statement 3 2.
More informationBusiness Continuity Management Program Development Guide
Business Continuity Management Program Development Guide Prepared by The NS Emergency Management Office, Winter 2012 Version 1.1 Page 2 of 24 Document Revision History Date Author Revision Notes Fall 2011
More informationRisk Management & Business Continuity Manual 2011-2014
ANNEX C Risk Management & Business Continuity Manual 2011-2014 Produced by the Risk Produced and by the Business Risk and Business Continuity Continuity Team Team February 2011 April 2011 Draft V.10 Page
More informationPROCEDURES BUSINESS CONTINUITY MANAGEMENT FRAMEWORK PURPOSE INTRODUCTION. 1 What is Business Continuity Management? 2 Link to Risk Management
PROCEDURES BUSINESS CONTINUITY MANAGEMENT FRAMEWORK PURPOSE This Framework has been developed in support of both the Business Continuity and Crisis Management Policy and the Emergency and Fire Evacuation
More informationEnsuring operational continuity
Certification of BCMS (Business Continuity Management Systems) Standard BS 25999-2 Certification of BCMS (Business Continuity Management System Ensuring operational continuity in the event of interruptions,
More informationREGULATIONS ON OPERATIONAL RISK MANAGEMENT OF THE BUDAPEST STOCK EXCHANGE LTD.
REGULATIONS ON OPERATIONAL RISK MANAGEMENT OF THE BUDAPEST STOCK EXCHANGE LTD. Date and number of approval/modification by the Board of Directors: 36/2010 September 15, 2010 No. and date of approval by
More informationBusiness Continuity Management
Annex A Business Continuity Management Programme Business Continuity Management Policy 1. Introduction This Business Continuity Management (BCM) Policy defines the scope of the SPCB s ability to maintain
More informationNHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy. Version 1.0
NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy Version 1.0 Document Control Title: Status: Version: 1.0 Issue date: May 2014 Document owner: (Name,
More informationSolihull Clinical Commissioning Group
Solihull Clinical Commissioning Group Business Continuity Policy Version v1 Ratified by SMT Date ratified 24 February 2014 Name of originator / author CSU Corporate Services Review date Annual Target audience
More informationDesktop Scenario Self Assessment Exercise Page 1
Page 1 Neil Jarvis Head of IT Security & IT Risk DHL Page 2 From reputation to data loss - how important is business continuity? Neil Jarvis Head of IT Security (EMEA) DHL Logistics IT Security Taking
More informationBirmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy
Birmingham CrossCity Clinical Commissioning Group Business Continuity Management Policy Version V1.0 Ratified by Operational Development Group Date ratified 6 th November 2014 Name of originator / author
More informationWhy Should Companies Take a Closer Look at Business Continuity Planning?
whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters
More informationBusiness Continuity Planning
Business Continuity Planning We believe all organisations recognise the importance of having a Business Continuity Plan, however we understand that it can be difficult to know where to start. That s why
More informationDORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Performance, Risk and Business Continuity Management Policy
Part Two Part One Not Protectively Marked DORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Performance, Risk and Business Continuity Management Policy. The Dorset & Wiltshire Fire and Rescue Authority (DWFRA)
More informationClovis Municipal School District Information Technology (IT) Disaster Recovery Plan
Clovis Municipal School District Information Technology (IT) Disaster Recovery Plan Revision History REVISION DATE NAME DESCRIPTION Draft 1.0 Eric Wimbish IT Backup Disaster Table of Contents Information
More informationTemple university. Auditing a business continuity management BCM. November, 2015
Temple university Auditing a business continuity management BCM November, 2015 Auditing BCM Agenda 1. Introduction 2. Definitions 3. Standards 4. BCM key elements IT Governance class - IT audit program
More information