RM-3.1.13
An organisation-wide cyber security strategy must be defined and documented to include:
(a) The position and importance of cyber security at the licensee ;
(b) The primary cyber security threats and challenges facing the licensee ;
(c) The licensee ’s approach to cyber security risk management;
(d) The key elements of the cyber security strategy including objectives, principles of operation and implementation approach;
(e) Scope of risk identification and assessment, which must include the dependencies on third party service providers;
(f) Approach to planning response and recovery activities; and
(g) Approach to communication with internal and external stakeholders including sharing of information on identified threats and other intelligence among industry participants.
Added: January 2022