Versions

 

OB-1.1.11

AISPs and PISPs must ensure that their overall systems and controls including but not limited to the business continuity, disaster recovery, information security testing, web-applications testing, smart device application testing, and cyber resilience are evaluated and independently tested by an external consultant:

a) initially upon implementation of this Module;
b) when there are any material changes to the systems and controls; and
c) at least once every 3 years.
Added: December 2018