THE CAPITAL MARKETS DISASTER RECOVERY GUIDELINES



Similar documents
Disaster Recovery Policy

Business Continuity Planning and Disaster Recovery Planning

NCUA LETTER TO CREDIT UNIONS

Disaster Preparedness & Response

Identify and Protect Your Vital Records

Information Privacy and Security Program Title:

STEP-BY-STEP BUSINESS CONTINUITY AND EMERGENCY PLANNING MAY

Method 1 of 4: Understanding What Makes a Good Business Continuity Plan

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

HOW TO CREATE A VITAL RECORDS PROTECTION PLAN. New York State Unified Court System Division of Court Operations Office of Records Management

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS)

BUSINESS CONTINUITY PLANNING

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) Fax: (718)

Disaster Recovery. Tips for business survival. A Guide for businesses looking for disaster recovery November 2005

UMHLABUYALINGANA MUNICIPALITY

BUSINESS CONTINUITY PLAN OVERVIEW

Disaster Recovery Planning

Vital Records Identification, Protection, and Disaster Recovery June 16, Wess Jolley, CRM, Records Manager 1

Business continuity management and planning

Balancing and Settlement Code BSC PROCEDURE BSCP537. QUALIFICATION PROCESS FOR SVA PARTIES, SVA PARTY AGENTS AND CVA MOAs

Operational Risk Publication Date: May Operational Risk... 3

SECTION 15 INFORMATION TECHNOLOGY

Overview of Business Continuity Planning Sally Meglathery Payoff

Disaster Recovery Plan. (Updated Aug 30, 2015)

Education and Workforce Development Cabinet POLICY/PROCEDURE. Policy Number: EDU-06 Effective Date: April 15, 2006 Revision Date: December 20, 2012

BNA FEDERAL CREDIT UNION DISASTER RECOVERY PLAN

9. GOVERNANCE. Policy 9.8 RECORDS MANAGEMENT POLICY. Version 4

Operational Risk Management Policy

Birkenhead Sixth Form College IT Disaster Recovery Plan

AUDITING A BCP PLAN. Thomas Bronack Auditing a BCP Plan presentation Page: 1

PAPER-6 PART-5 OF 5 CA A.RAFEQ, FCA

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy

The PNC Financial Services Group, Inc. Business Continuity Program

Oadby and Wigston Borough Council. Information and Communications Technology (I.C.T.) Section

Records Management - Department of Health

Preparing a Disaster Recovery Plan (Church)

Policy Document RECORDS MANAGEMENT POLICY

BUSINESS CONTINUITY MANAGEMENT POLICY

Business Continuity and Disaster Recovery Plan

Best Practices in Disaster Recovery Planning and Testing

Presentation Topics. What is a record? Hawaii State Archives Presentation December 14, 2010 ABC S OF RECORDS MANAGEMENT ACHIEVING BASIC CONTROL

INFORMATION GOVERNANCE POLICY: DATA BACKUP, RESTORE & FILE STORAGE HANDLING

STATUS OF RECOMMENDATIONS: INFORMATION SYSTEMS SECURITY EVALUATION OF REGION III LISLE, IL (OIG-09-A-15)

HALIFAX COMMUNITY COLLEGE BUSINESS CONTINUITY PLAN

Preparing for the HIPAA Security Rule

Continuity Planning and Disaster Recovery

IS INFORMATION SECURITY POLICY

Business continuity plan

FINAL May Guideline on Security Systems for Safeguarding Customer Information

Emergency Response and Business Continuity Management Policy

Document Management Plan Preparation Guidelines

V1.0 - Eurojuris ISO 9001:2008 Certified

Q uick Guide to Disaster Recovery Planning An ITtoolkit.com White Paper

15 Organisation/ICT/02/01/15 Back- up

Creating a Business Continuity Plan

Information Governance Policy (incorporating IM&T Security)

Corporate Risk Management Policy

IT Disaster Recovery Plan Template

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

Business Continuity Plan

COMMERCIALISM INTEGRITY STEWARDSHIP. Back-up Policy & Guidance

NEEDS BASED PLANNING FOR IT DISASTER RECOVERY

Prudential Practice Guide

With the large number of. How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning. Virginia A. Jones, CRM, FAI RIM FUNDAMENTALS

(Mr. Krirk Vanikkul) Assistant Governor, Financial Institutions Policy Group Governor For

Building Economic Resilience to Disasters: Developing a Business Continuity Plan

FINRMFS9 Facilitate Business Continuity Planning and disaster recovery for a financial services organisation

University of Ulster Policy Cover Sheet

COMCARE BUSINESS CONTINUITY MANAGEMENT

Offsite Disaster Recovery Plan

Business Continuity Planning (BCP) / Disaster Recovery (DR)

DISASTER RECOVERY AND CONTINGENCY PLANNING CHECKLIST FOR ICT SYSTEMS

Business Continuity and Disaster Recovery Planning

Company Management System. Business Continuity in SIA

How to Plan for Disaster Recovery and Business Continuity

Business Continuity Management

Temple university. Auditing a business continuity management BCM. November, 2015

Information Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt.

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

University of Nottingham Emergency Procedures and Recovery Policy

The 10 Disaster Planning Essentials For A Small Business Network

BUSINESS CONTINUITY PLAN (BCP) Version Revised 10/2013

Disaster Recovery Plan

Business Continuity & Disaster Recovery

SCOPE; ENFORCEMENT; AUTHORITY; EXCEPTIONS

Supervisory Policy Manual

B U S I N E S S C O N T I N U I T Y P L A N

Business Continuity Planning at Financial Institutions

Unit Guide to Business Continuity/Resumption Planning

A backup is a copy of your files that will be able to reproduce the original, if it is lost, damaged or stolen.

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

Evaluation of the Railroad Retirement Board s Disaster Recovery Plan Report No , August 14, 2006 INTRODUCTION

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

BUSINESS CONTINUITY PLANS OF SPIRE SECURITIES, LLC

Corporate ICT Availability

BACKUP SECURITY GUIDELINE

Subordinate Local Law No (Operation of Temporary Entertainment Events) 2015

Harbinger Escrow Services Backup and Archiving Policy. Document version: 2.8. Harbinger Group Pty Limited Delivered on: 18 March 2008

Beyond Disaster Recovery: Why Your Backup Plan Won t Work

Business Continuity Planning (BCP) / Disaster Recovery (DR)

Transcription:

THE CAPITAL MARKETS DISASTER RECOVERY GUIDELINES Guideline PART I PRELIMINARY 1. Title 2. Application 3. Definition of disaster recovery for purposes of these Guidelines 4. Background to Guidelines 5. Objectives of the Guidelines 6. Meaning of terms PART II RISK ASSESSMENT ANALYSIS 7. Mandatory requirements to carry out risk analysis 8. Elements of a risk analysis 9. Record and application of risk analysis findings 10. Prioritization of risks 11. Focus of impact assessment PART III MANAGEMENT OF RECORDS 12. Management of primary printed and electronic records 13. Management of secondary printed and electronic records 14. Electronic records PART IV- DISASTER MANAGEMENT COMMITTEE 15. Mandatory establishment of disaster management committees 16. Key functions of the Committee 17. Special categories in the Committee 18. Notification events PART V OFF SITE LOCATIONS 19. Mandatory requirement for the establishment of an off site location 20. General criteria for off site locations PART VI - GENERAL 21. Authority s powers 22. Implementation of these guidelines 13th October 2005 1

The Capital Markets Disaster Recovery Guidelines (Under section 101 of the Capital Markets Authority Act, Cap. 84) IN EXERCISE of the powers conferred on the Capital Markets Authority ( Authority ) by section 101 of the Capital Markets Authority Act ( The Act ), these guidelines are made this 20 th day of October, 2005. PART I PRELIMINARY 1. These Guidelines shall be referred to as the Capital Markets Disaster Recovery Guidelines. 2. The Authority has developed these Guidelines as a minimum standard for disaster recovery practices by regulated persons in response to the growing importance of disaster recovery and contingency planning both in emerging and developing economies. 3. Disaster recovery, for the purposes of these Guidelines is defined as a process by which an organization able to deal with potential disasters and make provision for the continuation of normal functions. 4. These Guidelines have been developed taking into account the growing significance for organizations to ensure disaster recovery planning, risk identification, risk analysis and development of recovery strategies. 5. The objective of these Guidelines is to enable regulated persons analyse the potential and real disasters they may face and to make provision for the development of continuity plans 6. In these Guidelines, the following words and expressions shall carry the meaning attributed to them: This glossary is only designed to provide clarity to the words and terms used in these Guidelines and does not amount to an interpretation of the terms contained therein. Title Application Definition of disaster recovery for the purposes of these Guidelines. Background to Guidelines Objectives of the Guidelines Meaning of terms Authority means the Capital Markets Authority as established under section 4 of the Capital Markets Authority Act Cap 84. Back up means the act of reproducing copies of 13th October 2005 2

printed records or electronic records. Correspondent means a natural person or institution with which a regulated institution exchanges vital information such as the Authority, clients or other category of persons or institutions generally. Disaster this includes acts of God or natural disasters such as earthquakes and fires as well as acts of men such as riots, terrorist attacks, computer systems failures and arson. Electronic records are vital computer files, e-mail attachments or other information ordinarily stored in electronic, magnetic or digital form. Primary this refers to the original documentary or electronic records. Regulated person means any organisation or natural person that is licensed, approved or in any way regulated by the Authority and includes Uganda Securities Exchange, broker/dealers, investment advisers, registrars, custodians, managers, trustees and authorised corporate directors of collective investment schemes and any other category of persons or institutions as the Authority may from time to time designate. Secondary this refers to copies of primary or original documentary or electronic records. PART II RISK ASSESSMENT ANALYSIS 7. All regulated persons are required to carry out a risk analysis of their securities operations which will enable them examine the real, and historical risks and potential threats such as natural disasters, technological or human causes. 8. A risk analysis should include risk identification, risk categorization, identification of the likelihood of occurrence and an assessment of the adequacy of the precautions in place. Mandatory requirement to carry out risk analysis Elements of a risk analysis 13th October 2005 3

9. The findings of the risk analysis should be recorded and applied in the development of a risk management and contingency plan. 10. Risks should be prioritised according to risks resulting from equipment failure, utilities failure and human failures resulting from robberies, strikes, riots, and terrorist threats among others. 11. An assessment of the potential impact resulting from the risk should also be made with special focus on its bearing on:- Record and application of risk analysis findings Prioritisation of risks Focus of impact assessment (i) (ii) (iii) The financial effects on the regulated entity. Legal and regulatory consequences. Effects on competitive position and Customer confidence PART III MANAGEMENT OF RECORDS 12. (1) Printed records refer to all vital printed documentation including correspondence, board minutes, financial records, client records, operational information, standard formats, contracts, licensing documentation as well as other important records that are generated from within the regulated institutions and from correspondents. Management of primary printed and electronic records (2) Primary copies of all printed records must be kept in a systematic and well-categorised manner. (3) All primary copies of printed records should be stored in fireproof cabinets. 13. (1) Secondary copies of all printed records should be made by photocopying or scanning and these should be updated on a quarterly basis. Management of secondary printed and electronic records (2) All secondary copies of printed records should be stored at an off-site storage location satisfying the guidelines in 12 (2). 14. (1) All employees of regulated institutions responsible for using or storing electronic records are required to make back up copies (the first backup) of all primary Management of electronic records 13th October 2005 4

electronic records and store them preferably on floppy diskette or other magnetic or digital form. Other forms may include tape, CD, jazz or SyQuest disks. (2) All first back up copies must be backed up on similar or other electronic, digital or magnetic storage devices (the second backup). (3) First and second back up copies should be updated on a quarterly basis. The secondary back up copies must be stored at an off-site location satisfying the guidelines in 13(2). PART IV- DISASTER MANAGEMENT COMMITTEE 15. All Regulated persons should put in place disaster management committees. 16. The committee shall, among others, develop a contingency plan for business continuity, which should specifically address Mandatory establishment of disaster management committees Key functions of the committee (i) (ii) (iii) (iv) Evacuation procedures Business resumption Emergency operating procedures. Information systems and data recovery 17. The Chairperson of the committee shall be in charge of implementation of the business continuity plan and the Compliance Officer designated for purposes of liaison with the Authority shall be a member of the Committee. 18. A regulated person shall immediately notify the Authority in the event of the following a) A decision to change an off-site storage location. b) The change of an off-site storage location. c) The occurrence of any disaster affecting the regulated person s business. d) A decision to implement the contingency business continuity plan. e) A change of location of operations following disaster. Special categories in the committee Notification events PART V OFF-SITE LOCATIONS 13th October 2005 5

19. Each regulated institution is required to arrange for the off-site storage of its backup copies as provided above. 20. (1) In general, off-site storage locations should not be less than 1 km from the principal place of business of the regulated institutions, but they may be a branch office of the regulated institution or parent company premises. Mandatory requirement for the establishment of an off-site storage location General criteria for offsite locations (2) The off-site storage location shall be a convenient and secure location. PART V GENERAL 21. (1) The Authority shall conduct routine and impromptu visits to the premises of regulated institutions and to back-up storage locations to verify compliance with these Guidelines. Authority s powers (2) The Authority reserves the right to make directions on the suitability of selected off-site storage locations. (3) The Authority may make such directions, as it may deem necessary with respect to the disaster recovery preparedness of regulated institutions. 22. All regulated institutions shall implement these guidelines by the 1 st of January 2006, save for regulation 12(3) which shall be implemented by the 1 st of May 2006. Implementation of these Guidelines Issued this 20 th day of October, 2005. TWAHA KIGONGO KAAWAASE Chairman, Capital Markets Authority 13th October 2005 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information