CRA-6.5.2B
(a) Establish a robust operational risk-management framework with appropriate systems, policies, procedures, and controls to identify, monitor, mitigate and manage operational risks;
(b) Have in place clearly defined roles and responsibilities for addressing operational risk;
(c) Have in place clearly defined operational reliability objectives and have policies in place that are designed to achieve those objectives;
(d) Ensure that it has adequate capacity proportionate to stress volumes to achieve its service-level objectives; and
(e) Have a comprehensive physical and information security policy that addresses all potential vulnerabilities and threats.
Added: April 2023