Back Custom print Link Text Only Rich Text Print

  • Audit and Independent Review

    • OM-5.9.10

      The internal audit function of a licensee or its external auditors must conduct periodic reviews of the BCP to determine whether the plan remains realistic and relevant, and whether it adheres to the policies and standards of the licensee. This review must include assessing the adequacy of business process identification, threat scenario development, business impact analysis and risk assessments, the written plan, testing scenarios and schedules, and communication of test results and recommendations to the Board.

      Amended: July 2011
      October 07

    • OM-5.9.11

      Significant findings must be brought to the attention of the Board and Senior Management within three months of the completion of the review. Furthermore, Senior Management and the Board must ensure that any gaps or shortcomings reported to them are addressed in an appropriate and timely manner.

      Amended: July 2011
      October 07