Info
π Back to Summary. π«π· French Version: 2017R0392_FR.77. Back to Summary of LVL1. Open the PDF. Direct link to EUR-LEX.
Article 76 β Strategy and policy β¬ οΈ | β‘οΈ Article 78 β Disaster recovery
RΓ©fΓ©rences LVL1 <=> LVL2
Level 1 reference(s): 2014R0909_EN.45
Article 77 - Business impact analysis
1.
A CSD shall conduct a business impact analysis to:
(a)
prepare a list with all the processes and activities that contribute to the delivery of the services it provides;
(b)
identify and create an inventory of all the components of its IT system that support the processes and activities identified in point (a) as well as their respective interdependencies;
(c)
identify and document qualitative and quantitative impacts of a disaster recovery scenario to each process and activity referred to in point (a) and how the impacts change over time in case of disruption;
(d)
define and document the minimum service levels considered acceptable and adequate from the perspective of the users of the CSD;
(e)
identify and document the minimum resource requirements concerning personnel and skills, work space and IT to perform each critical function at the minimum acceptable level.
2.
A CSD shall conduct a risk analysis to identify how various scenarios affect the continuity of its critical operations.
3.
A CSD shall ensure that its business impact analysis and risk analysis fulfil all of the following requirements:
(a)
they are kept up to date;
(b)
they are reviewed following a material incident or significant operational changes and, at least, annually;
(c)
they take into account all relevant developments, including market and IT developments.