Back Custom print Link Text Only Rich Text Print

  • Audit and Independent Review

    • OM-4.9.10

      The internal audit function of a licensee or its external auditors must conduct periodic reviews of the BCP to determine whether the plan remains realistic and relevant, and whether it adheres to the policies and standards of the licensee. This review must include assessing the adequacy of business process identification, threat scenario development, business impact analysis and risk assessments, the written plan, testing scenarios and schedules.

      Added: January 2020

    • OM-4.9.11

      Significant findings and recommendations must be brought to the attention of the Board and Senior Management within three months of the completion of the review. Furthermore, Senior Management and the Board must ensure that any gaps or shortcomings reported to them are addressed in an appropriate and timely manner.

      Added: January 2020