Info
🔗 Back to Summary. 🇫🇷 French Version: 2017R0392_FR.76. Back to Summary of LVL1. Open the PDF. Direct link to EUR-LEX.
Article 75 – IT tools ⬅️ | ➡️ Article 77 – Business impact analysis
Références LVL1 <=> LVL2
Level 1 reference(s): 2014R0909_EN.45
Article 76 - Strategy and policy
1.
A CSD shall have a business continuity policy and associated disaster recovery plan that is:
(a)
approved by the management body;
(b)
subject to audit reviews that shall be reported to the management body.
2.
A CSD shall ensure that the business continuity policy:
(a)
identifies all its critical operations and IT systems and provides for a minimum service level to be maintained for those operations;
(b)
includes the CSD’s strategy and objectives to ensure the continuity of operations and systems referred to in point (a);
(c)
takes into account any links and interdependencies to at least:
(i)
users;
(ii)
critical utilities and critical service providers;
(iii)
other CSDs;
(iv)
other market infrastructures;
(d)
defines and documents the arrangements to be applied in the event of a business continuity emergency or major disruption of the CSD’s operations in order to ensure a minimum service level of critical functions of the CSD;
(e)
identifies the maximum acceptable period of time which critical functions and IT systems may be out of use.
3.
A CSD shall take all reasonable steps to ensure that settlement is completed by the end of the business day even in case of a disruption, and that all the users’ positions at the time of the disruption are identified with certainty in a timely manner.