CANADIAN PAYMENTS ASSOCIATION LVTS RULE 11 CHANGE MANAGEMENT, TESTING AND CERTIFICATION

Similar documents
CANADIAN PAYMENTS ASSOCIATION ASSOCIATION CANADIENNE DES PAIEMENTS RULE E3 RULES APPLICABLE TO ELECTRONIC DATA INTERCHANGE TRANSACTIONS

CHARTERED PROFESSIONAL ACCOUNTANTS OF ONTARIO

Federal Deposit Insurance Corporation Improvement Act 1

Contingency Planning and Disaster Recovery Internal Control Questionnaire

Service Agreement Hosted Dynamics GP

THE CORPORATION OF THE TOWNSHIP OF EAST ZORRA-TAVISTOCK COUNTY OF OXFORD BY-LAW #2012-4

CANADIAN PAYMENTS ASSOCIATION ASSOCIATION CANADIENNE DES PAIEMENTS RULE F1 RULES APPLICABLE TO AUTOMATED FUNDS TRANSFER (AFT) TRANSACTIONS

Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH)

NYSED DATA DASHBOARD SOLUTIONS RFP ATTACHMENT 6.4 MAINTENANCE AND SUPPORT SERVICES

Justice Information Sharing Division ( ND CJIS ), and

Standard CIP Cyber Security Security Management Controls

BUSINESS ASSOCIATE AGREEMENT

SCHOOL DISTRICT OF BLACK RIVER FALLS HIPAA PRIVACY AND SECURITY POLICY

LCD SOLUTIONS and CLICKTATE.COM BUSINESS ASSOCIATE AGREEMENT and DISCLOSURE of RIGHTS to COVERED ENTITIES

Vendor Management. Outsourcing Technology Services

CANADIAN PAYMENTS ASSOCIATION ASSOCIATION CANADIENNE DES PAIEMENTS RULE G12

BUSINESS ASSOCIATE AGREEMENT

Business Associate Agreement

CONTINUING PROFESSIONAL DEVELOPMENT

"FALSE ALARM BYLAW 1994 NO. 4786"

MANDATORY PROVIDENT FUND SCHEMES AUTHORITY. IV.25 Guidelines on Electronic System for Transmission of Data on Transfer of Accrued Benefits

BUSINESS ASSOCIATE AGREEMENT ( BAA )

MASTER SERVICE LEVEL AGREEMENT (MSLA)

SAMPLE ESCROW AGREEMENT APPLICATION SOFTWARE SOURCES CODE

FirstCarolinaCare Insurance Company Business Associate Agreement

RL Solutions Hosting Service Level Agreement

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT

Title 1, Chapter 57 of the Texas Administrative Code

HIPAA BUSINESS ASSOCIATE AGREEMENT

AUSTIN INDEPENDENT SCHOOL DISTRICT INTERNAL AUDIT DEPARTMENT TRANSPORTATION AUDIT PROGRAM

TUFIN SOFTWARE NORTH AMERICA, INC. GENERAL TERMS AND CONDITIONS FOR SUPPORT AND MAINTENANCE SERVICES [Last revised: May 11, 2014]

HIPAA and Mental Health Privacy:

Agreement to Provide Tourism Promotion Services between The City of Ontario & The Chamber of Commerce

THE ONLINE GAMBLING REGULATION ACT THE ONLINE GAMBLING (DISASTER RECOVERY) (No. 2) REGULATIONS. Laid before Tynwald 16 th October 2007

Smart Meters Programme Schedule 2.5. (Security Management Plan) (CSP South version)

FORM F4 CAPITAL MARKETS PARTICIPATION FEE CALCULATION

BUSINESS CONTINUITY MANAGEMENT REQUIREMENTS FOR SGX MEMBERS NEW RULES FOR INCLUSION IN SGX-ST RULES

Article 5.--CODE OF PROFESSIONAL CONDUCT

NEBRASKA PROPERTY AND LIABILITY INSURANCE GUARANTY ASSOCIATION ACT

1.4 INDEPENDENT CONTRACTOR PROFESSIONAL SERVICES AGREEMENT

CITY OF ST. CATHARINES Q5-302 BY-LAW NO. A By-law to provide for the licensing and regulating the keeping of

Customer Responsiveness Strategy

Enterprise UNIX Services - Systems Support - Extended

IMMIGRATION CONSULTANTS OF CANADA REGULATORY COUNCIL PRACTICE MANAGEMENT EDUCATION REGULATION

FISHERIES Treaty between CANADA and the UNITED STATES OF AMERICA Washington, May 26, 1981 In force July 29, 1981

Privacy and Security Resource Materials for Saskatchewan EMR Physicians: Guidelines, Samples and Templates. Reference Manual

HIPAA Privacy and Business Associate Agreement

VIEJAS BAND OF KUMEYAAY INDIANS TRIBAL CODE TORT LIABILITY ORDINANCE. Enacted Table of Contents

SCHEDULE D. SERVICE LEVEL AGREEMENT MERCHANT CARD PROCESSING SERVICES STATE OF NORTH CAROLINA AND SUNTRUST MERCHANT SERVICES Contract Number

STATE OF NEVADA Department of Administration Division of Human Resource Management CLASS SPECIFICATION

DEBT MANAGEMENT FORM (the Form )

THE BUDAPEST STOCK EXCHANGE LTD. REGULATIONS ON THE USE OF REMOTE TRADING

GEORGIA ASSOCIATION OF ACCOUNTING EDUCATORS

ORDER I. COURT ADMINISTRATION

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT

Everything you need to open new doors. Becoming an. Approved Lender

SPYDERS END USER LICENSE AGREEMENT TERMS AND CONDITIONS

BUSINESS ASSOCIATE CONTRACTUAL ADDENDUM

252 CMR: BOARD OF REGISTRATION IN PUBLIC ACCOUNTANCY

PRIVACY POLICIES AND FORMS FOR BUSINESS ASSOCIATES

APPLICATION FOR THE E911 RURAL COUNTY GRANT PROGRAM

Clearing and Settlement Procedures. New Zealand Clearing Limited. Clearing and Settlement Procedures

CHIEF ADMINISTRATIVE OFFICER CONTINGENCY SUCCESSION PLAN Adopted by Executive Committee: June 11, 2013 Amended: July 29, 2014

Barry University Alumni Association Law School Chapter Constitution and Bylaws. Article Three Membership

Scope Statement for North Carolina State University. Administrative Computing Services. Disaster Recovery Services

BUSINESS VALUATION Detailed Valuation Report Introduction

PART II. TERMS AND CONDITIONS

02 DEPARTMENT OF PROFESSIONAL AND FINANCIAL REGULATION CERTIFIED PUBLIC ACCOUNTANT LICENSE REQUIREMENTS

University of Illinois Bands Alumni BYLAWS

THE BEACON MUTUAL INSURANCE COMPANY CHARTER

GL ON THE MINIMUM LIST OF SERVICES AND FACILITIES EBA/GL/2015/ Guidelines

Waupaca County Planning & Zoning

Business Continuity Plan

SCOPE: All escrow companies licensed by the state of New Mexico. [ NMAC - Rp, 12 NMAC , 7/1/15]

BUSINESS ASSOCIATE ADDENDUM. WHEREAS, Provider (as defined below) has a contractual relationship with FHCCP requiring this Addendum;

Health Plan Select, Inc. Business Associate Privacy Addendum To The Service Agreement

Maryland Transportation Authority

BUSINESS ASSOCIATE AGREEMENT

Saskatchewan College of Psychologists 348 Albert Street Tel: (306) Regina SK S4R 2N7 Fax: (

Information & Technology Management Branch Ministry of Education. Change Management Policy

CLIENT ACCOUNT REGULATION

Transcription:

CANADIAN PAYMENTS ASSOCIATION LVTS RULE 11 LVTS Rule 11, December 1998: as amended November 25, 2002, November 24, 2003, May 31, 2004, August 14, 2006, January 28, 2008, August 16, 2010, January 1, 2013 and January 5, 2015.

Implementation date: January 5, 2015 TABLE OF CONTENTS AUTHORITY... 1 CPA AVAILABILITY... 1 NEW AND CERTIFICATION... 1 TECHNICAL QUALIFICATIONS... 1 REPORT... 1 LVTS CHANGE... 1 FIRST LEVEL... 2 SECOND LEVEL... 2 THIRD LEVEL... 2 CHANGE MANAGEMENT... 2 CHANGE... 3 REQUIRED ASSISTANCE... 3 TEST AND TRAINING BIC... 3 OTHER... 3 ONGOING TRAINING... 3 CPA BUSINESS CONTINUITY... 3 BUSINESS CONTINUITY... 4 SYSTEM... 4 CLS CONTINGENCY... 4 EVIDENCE OF COMPLIANCE... 4 REPORT... 4

Board implementation date: January 5, 2015 Page 1 AUTHORITY 11.1 This Rule is made pursuant to By-law # 7 LVTS By-law. CPA AVAILABILITY NEW AND CERTIFICATION TECHNICAL QUALIFICATIONS 11.2 The Association shall login to the testing and training regions of the LVTS and shall be available for testing and training as required. The Association shall set up a Payment Message testing terminal in the LVTS testing environment for sending and receiving test payment messages for testing purposes. 11.3 All applicants for participation in the LVTS must meet the technical qualification requirements set out in the Participant user guide developed by the Association. 11.4 All technical qualification requirements will be tested by the Association and will include the requirement for an applicant to process at least one day s volume of test payments utilizing all system components of the LVTS environment with all normal LVTS Cycle steps in place. This testing will be witnessed and monitored by the Association to ensure that complete and accurate testing is completed. The applicant must provide to the Association a complete record of its test results including a record of its monitoring activities for the test day including evidence of payment reconciliation. REPORT 11.5 The Association will produce a complete report of the testing results and a copy of the report will be given to the applicant. This report will include tracking of all calls to the LVTS Help Desk and of all delays or mistakes made by the applicant or any Participant in the test. LVTS CHANGE 11.6 If changes are made to LVTS there will be three (3) levels of testing involving the Participants. For each change an acceptance test working group appointed by the LVTS Participant User Group will oversee all testing and will define and run all required acceptance testing. This acceptance test working group will report back to the Participant User Group. All Participants will be required to participate in the user acceptance tests for any such changes.

Board implementation date: January 5, 2015 Page 2 FIRST LEVEL 11.7 The first level of testing will be to check out any Participant interface changes which have been made to support the new or changed feature(s) and which are required to be used in the user acceptance testing of the change. Each Participant will co-ordinate any such testing in the same manner as it would for changes to one or more of its own systems. SECOND LEVEL 11.8 The second level of tests will be the formal user acceptance testing. This will be a formal documented test. The Association will co-ordinate this testing and will ensure that technical assistance is available in case of problems. THIRD LEVEL CHANGE MANAGEMENT 11.9 11.10 The third level of testing is Participant acceptance testing. This testing will be against the tested software release and it will be up to each Participant to assess its testing needs at this level. The Association will provide assistance if requested. a. Where a Participant plans to implement a system change that may potentially impact its LVTS operations or other LVTS Participants, the Participant must complete a Participant System Change Notification form (Appendix III, Attachment I) in order to determine whether the CPA must be notified of the change. b. If, upon completion of a Participant System Change Notification form, the risk rating on the form is 6 or higher, the Participant must submit the Participant System Change Risk Assessment and Notification form to the Association at least sixty (60) days in advance of implementing the change. c. If the Association determines that a proposed change (with a risk rating of 6 to 8) could potentially impact LVTS operations or other LVTS Participants, the Association may increase the risk rating and, if increased, will advise the Participant of the change in risk rating within ten (10) days of making the change. d. If the Association determines that there are issues with timing or risks associated with a change, the Association will provide the Participant with at least thirty (30) days advance notice that the implementation schedule must be revised. e. Despite subsection (b), where a Participant must implement an emergency change to resolve an operational incident and the change is considered high risk, the Participant shall provide the Association with at least one hour advance notice prior to making the emergency change. If it is not possible to provide advance notice prior to implementing the change, the Participant must notify the Association no later than the next business day following the implementation.

Board implementation date: January 5, 2015 Page 3 CHANGE REQUIRED ASSISTANCE TEST AND TRAINING BIC OTHER ONGOING TRAINING CPA BUSINESS CONTINUITY 11.11 Notwithstanding section 11.10, whenever a Participant makes changes to its CBT or any other system which supports its LVTS operations, the Participant must test any new hardware, software and/or procedures using the LVTS test and training environment. This test and training environment will normally be available 24 hours per day. The Participant must co-ordinate and pre-arrange its testing with the Association. It is up to each Participant to determine what is to be tested and to set its own parameters accordingly. 11.12 If a Participant requires that other Participants and/or the Association take part in the testing it is the responsibility of the Participant to request the assistance of the other Participant, to co-ordinate the testing activities with the Association and to structure the testing to be mutually agreeable to all parties. While it is not required that another Participant take part in the testing for the requesting Participant such requests should be considered as reciprocal assistance. 11.13 Each Participant must provide the Association with a test and training S.W.I.F.T. address (BIC) to be entered into the closed user group to support LVTS testing and training. The Association must be provided this BIC at least three (3) weeks prior to the start of the testing period, unless the Participant in question has already used this BIC in LVTS testing. 11.14 The Association may conduct such other testing relating to system upgrades, Participant system changes, including Bank of Canada system changes, or LVTS changes. Each Participant shall participate in mandatory testing coordinated by the Association, with the exception of CLS testing. 11.15 The test and training facility of the LVTS may be used by a Participant subject to the requirement that such training be coordinated and prearranged with the Association. A Participant may make use of the Association s standard training exercises or a Participant may devise its own when using this facility. 11.16 (a) The Association shall conduct business continuity testing for the LVTS central system at least twice per calendar year. The testing will take place in a production environment over a weekend, during which the Association will move LVTS operations (mainframe) from the primary site to the alternate site within one hour. (b) The Association shall conduct business continuity testing for the LVTS system administration services (people and premises) at least twice per calendar year. The testing will take place during an LVTS Cycle, and will consist of the Association accessing the LVTS central system using its alternate site workstation to generate reports to ensure connectivity.

Board implementation date: January 5, 2015 Page 4 BUSINESS CONTINUITY 11.17 (a) Subject to subsection (b), each Participant shall conduct business continuity testing for its alternate site (people and premises) at least twice per calendar year. The test will consist of the Participant processing payments from its alternate site during an LVTS Cycle. Each Participant shall provide to the CPA, by way of a management attestation statement (attached as Appendix I), confirmation that it has conducted two business continuity tests within the last calendar year and confirm that payments were successfully processed from its alternate site. The management attestation statement shall be received by the CPA no later than January 31 of the following year. (b) Each Participant that regularly processes payments from its primary and alternate sites during an LVTS cycle shall provide to the CPA, by way of a management attestation statement (attached as Appendix II), confirmation that it has successfully processed payments from those locations during the last calendar year. The management attestation statement shall be received by the CPA no later than January 31 of the following year. SYSTEM CLS CONTINGENCY EVIDENCE OF COMPLIANCE 11.18 Each Participant shall conduct disaster recovery testing at least once per calendar year. The test(s) will consist of the Participant successfully sending, receiving and processing Payment Messages using its back-up payments technology and supporting systems (e.g. data centre). All functionalities do not need to be tested at the same time. Each Participant shall provide to the CPA, by way of a management attestation statement (attached as Appendices I or II as applicable), confirmation that it has conducted such testing within the last calendar year and confirmation that this testing was successfully completed. The management attestation statement shall be received by the CPA no later than January 31 of the following year. 11.19 The Association and each Participant involved in CLS-related payments processing shall execute CLS contingency testing in accordance with the procedures in Appendix III of LVTS Rule 12. 11.20 Where the Association, in its discretion, requests confirmation of the completion of any procedure or step by a Participant such confirmation shall be by way of a current (completed with the previous 18 months) audit report, pertinent extract, or management attestation statement dealing with any such steps or procedures, filed with the Association by the Participant s internal audit group, inspection group or management representative executed by a duly authorized officer of the Participant. REPORT 11.21 The Association shall provide to all Participants a complete report of any testing relating to the LVTS which are conducted or supervised by the Association in accordance with the provisions of this Rule.

Board implementation date: January 5, 2015 Appendix I (DATE OF LETTER) Canadian Payments Association 1601 Telesat Court, Suite C3 Ottawa, Ontario K1B 5P4 APPENDIX I - PRO FORMA MANAGEMENT ATTESTATION STATEMENT [LVTS Participant letterhead] [LVTS Participant name] CANADIAN PAYMENTS ASSOCIATION LVTS DISASTER RECOVERY ANNUAL MANAGEMENT ATTESTATION STATEMENT Attention: Vice-President, Payment Operations and CIO 1 In accordance with section 11.17(a)P0F P of the Canadian Payments Association s Large Value Transfer System Rules, [LVTS Participant] hereby confirms that during the period January 1, 20[YY] through December 31, 20 [YY], [LVTS Participant] successfully conducted testing of its alternate site (people and premises) payment processing capabilities on [#] occasions. Testing of the [LVTS Participants] s alternate site payment processing capabilities was conducted on [Month, Day]. (Note: Please include all dates in which the test was performed). 2 In accordance with section 11.18P1F P of the Canadian Payments Association s Large Value Transfer System Rules, [LVTS Participant] hereby confirms that during the period January 1, 20[YY] through December 31, 20 [YY], [LVTS Participant] successfully conducted testing of its back-up payments technology and supporting systems (e.g. data centre) by sending, receiving and processing Payment Messages. As a result of this testing, [LVTS Participant] hereby confirms that we are in compliance with LVTS Rule 11.17(a) and 11.18 of the Canadian Payments Association for the calendar year ending December 31, 20[YY]. Yours truly, (Name of Senior Officer representing the LVTS Participant or the Management Committee representative) (Title of Officer) [] denotes customized information to be provided by LVTS Participant 1 Each Participant shall conduct disaster recovery testing for its alternate site at least twice per calendar year. The test will consist of the Participant processing payments from its alternate site during a production cycle. Each Participant must provide to the CPA, by way of a management attestation statement (attached as Appendix I), confirmation that it has conducted two disaster recovery tests within the last calendar year and confirm that payments were successfully processed from its alternate site. The management attestation statement must be received by the CPA no later than January 31 of the following year. 2 Each Participant shall conduct disaster recovery testing at least once per calendar year. The test will consist of the Participant successfully sending, receiving and processing Payment Messages using its back-up payments technology and supporting systems (e.g. data centre). Each Participant shall provide to the CPA, by way of a management attestation statement (attached as Appendices I or II as applicable), confirmation that it has conducted such testing within the last calendar year and confirmation that this testing was successfully completed. The management attestation statement shall be received by the CPA no later than January 31 of the following year.

Board implementation date: January 5, 2015 Appendix II (end) (DATE OF LETTER) AND CERTIFICATION APPENDIX II - PRO FORMA MANAGEMENT ATTESTATION STATEMENT Canadian Payments Association 1601 Telesat Court, Suite C3 Ottawa, Ontario K1B 5P4 [LVTS Participant letterhead] [LVTS Participant name] CANADIAN PAYMENTS ASSOCIATION LVTS PAYMENT PROCESSING ANNUAL MANAGEMENT ATTESTATION STATEMENT Attention: Vice-President, Payment Operations and CIO 3 In accordance with section 11.17(b)P2F P of the Canadian Payments Association s Large Value Transfer System Rules, [LVTS Participant] hereby confirms that during the period January 1, 20[YY] through December 31, 20[YY], [LVTS Participant] successfully processed payments from its primary and alternate sites on a regular basis. 4 In accordance with section 11.18P3F P of the Canadian Payments Association s Large Value Transfer System Rules, [LVTS Participant] hereby confirms that during the period January 1, 20[YY] through December 31, 20 [YY], [LVTS Participant] successfully conducted testing of its back-up payments technology and supporting systems (e.g. data centre) by sending, receiving, and processing Payment Messages. As a result of this testing, [LVTS Participant] hereby confirms that they are in compliance with LVTS Rule 11.17(b) and 11.18 of the Canadian Payments Association for the calendar year ending December 31, 20[YY]. Yours truly, (Name of Senior Officer representing the LVTS Participant or the Management Committee representative) (Title of Officer) [] denotes customized information to be provided by LVTS Participant 3 Each Participant that regularly processes payments from its primary and alternate sites during an LVTS cycle shall provide to the CPA, by way of a management attestation statement (attached as Appendix II), confirmation that it has successfully processed payments from those locations during the last calendar year. The management attestation statement shall be received by the CPA no later than January 31 of the following year. 4 Each Participant shall conduct disaster recovery testing at least once per calendar year. The test will consist of the Participant successfully sending, receiving and processing Payment Messages using its back-up payments technology and supporting systems (e.g. data centre). Each Participant shall provide to the CPA, by way of a management attestation statement (attached as Appendices I or II as applicable), confirmation that it has conducted such testing within the last calendar year and confirmation that this testing was successfully completed. The management attestation statement shall be received by the CPA no later than January 31 of the following year.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information