• Risk Assessment

    • OM-4.3.6

      In developing a BCP, licensees must consider realistic threat scenarios that may (potentially) cause disruptions to their business processes.

      January 2014

    • OM-4.3.7

      Business continuity plans must take into account different types of likely or plausible scenarios to which the licensee will be vulnerable. The following specific scenarios must at a minimum, be considered in the BCP:

      (a) Utilities are not available (power, telecommunications);
      (b) Critical buildings are not available or specific facilities are not accessible;
      (c) Software and live data are not available or are corrupted;
      (d) Vendor assistance or (outsourced) service providers are not available;
      (e) Critical documents or records are not available;
      (f) Critical personnel are not available; and
      (g) Significant equipment malfunctions (hardware or telecom).
      January 2014