External Supplier Control Requirements BCM

Each requirement below is set out under the headings of the original table: BCM Requirement, Description, BCM Tiers / Recovery Time Objective (where applicable), and Why this is important.

1. Business Continuity Policy
Description: Supplier will have a documented Business Continuity policy in place, which is reviewed on a periodic basis, but at least annually.
Why this is important: To enable Barclays to ascertain that there is an appropriate Business Continuity policy in place. Failure to execute the required BCM solution when required may cause operational damage, loss of revenue, legal or regulatory sanction, or reputational damage to Barclays.

2. Business Continuity Governance
Description: The Supplier will assign an accountable person for Business Continuity who will assign roles and responsibilities to the management team for the service and review these at least annually.

3. Business Impact Analysis
Description: The Supplier will conduct (at least annually) a business impact analysis. This must be reviewed and approved by the accountable person responsible for business continuity management and by the executive responsible for the services.

4. Supplier's Risk Assessment
Description: The Supplier will perform (at least annually) a risk assessment to identify the risks that could cause a business interruption and ensure that appropriate controls are implemented to manage and control such risks.

5. Business Continuity Plan (BCP)
Description: The Supplier will have a documented Business Continuity Plan to meet the Recovery Time Objective (RTO) specified by Barclays for the provided services. The Business Continuity Plan must be submitted for review by Barclays on an annual basis or following any major changes/enhancements to the services.
BCM Tiers / Recovery Time Objective: Barclays BCM Tiers:
  Tier 1 (RTO): 0-4 hours
  Tier 2 (RTO): 4-8 hours
  Tier 3 (RTO): 8-24 hours
  Tier 4 (RTO): 24 hours to 5 days
  Tier 5: No planned recovery

6. Supplier Business Continuity Plan invocation process
Description: The Supplier will review the formal Business Continuity Plan invocation process on an annual basis to ensure that the initial responses to an incident are appropriate.
Why this is important: To enable Barclays to ascertain that there is an appropriate Business Continuity solution in place, which can be invoked as required. Failure to do so may cause operational damage, loss of revenue, legal or regulatory sanction, or reputational damage to Barclays.

7. Business Continuity Plan test
Description: The Supplier will test the Business Continuity Plan in accordance with the services tier or soon after major changes / enhancements / remediation have been implemented that affect the Services. The Supplier will ensure that identified gaps are addressed with a remediation plan (action, ownership, delivery date) and shared and agreed with Barclays.
BCM Tiers / Recovery Time Objective: Tier 1 & 2 - Every 12 months; Tier 3 & 4 - Every 24 months.
Why this is important: To enable Barclays to ascertain that there is an appropriate and implementable business recovery plan in place for recovery of the Supplier's service within the agreed RTO. Failure to execute the required BCM solution when required may cause operational damage, loss of revenue, legal or regulatory sanction, or reputational damage to Barclays.

8. Supplier IT Disaster Recovery Plan (IT DRP)
Description: The Supplier will have a documented IT Disaster Recovery Plan (IT DRP) in place, which is reviewed by the Supplier on a periodic basis or soon after major changes/enhancements have been implemented to the service. Supplier must ensure that actions highlighted from the IT DRP review are implemented in a timely manner.
BCM Tiers / Recovery Time Objective: Barclays BCM Tiers (as listed under requirement 5).

9. Supplier IT Disaster Recovery Plan (IT DRP) test
Description: Supplier will test the IT DRP to confirm its ability to recover the service in the agreed timeframes. The test is to be carried out on an annual basis or soon after major changes / enhancements / remediation have been implemented that affect the Services. The Supplier reviews the test results and ensures that suitable actions are taken to remediate the identified findings.
BCM Tiers / Recovery Time Objective: Tier 1 & 2 - Every 12 months; Tier 3 & 4 - Every 24 months.

10. Incident & Crisis Management (Crisis Team)
Description: The Supplier will have a crisis management team responsible for the implementation of a crisis management plan detailing procedures to be taken in the event of an incident or event that impacts the delivery of services to Barclays.
Why this is important: If this principle is not implemented, Barclays cannot ascertain that there is an appropriate BCM solution in place. Failure to execute the required BCM solution when required may cause operational damage, loss of revenue, legal or regulatory sanction, or reputational damage to Barclays.

11. Invocation of the Plan (Communication Plan / Incident Log)
Description: Supplier must notify Barclays in the event of a service interruption which requires invocation of one or many of the Business Continuity Plan, Crisis Plan and/or IT DR Plan. Supplier must prepare an incident report which must be shared with Barclays in the event of a Service interruption. Supplier also must maintain an incident log that shall be shared with Barclays in the event of a Service disruption. The Supplier shall invoke the Plan in the following circumstances: in the event of a service interruption, or if required and requested by Barclays.
Why this is important: As for requirement 10.

12. IT DRP cover for System Recovery Documentation
Description: System Recovery Documentation must be in place to support the IT DR plan and to meet the Recovery Time Objective (RTO) specified by Barclays for the provided service. System Recovery Documentation must be reviewed and signed off by the Supplier system owner annually or when there is a significant change.
Why this is important: As for requirement 10.

13. Supplier and Barclays participating in each other's BCP and IT DR testing / validations
Description: Where appropriate, and by agreement, Supplier and Barclays might participate in each other's BCP and IT DR tests/validations, and also jointly test Incident and Crisis scenarios.
Why this is important: To enable Barclays to mutually engage with the Supplier on tests for key Services and in order to meet regulatory requirements, where some country-specific regulators require such tests.