This document defines the Business Continuity Management Policy for the Company.
The Company is committed to maintaining the continuity of its business in the event of an incident which causes major disruption. To achieve this, the firm has established Business Continuity Management (BCM) as an integral part of the firm’s normal continuity business operations. Plans should be drafted, published and tested for key services as agreed by the Business resilience team within Business Security function.
The statements within this policy shall also apply to all personal data processed by the Company. “Processing” in this context means any operation concerning personal data throughout the information lifecycle; this includes but is not limited to personal data collected, stored, viewed, transferred, analyzed or communicated in hard copy, oral or electronic form.
This policy applies to all staff accessing the Company’s physical and electronic infrastructure, and to all Company’s confidential information (including any personal data) held by the Company.
1.1 PROCEDURE OWNER
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3. BUSINESS CONTINUITY MANAGEMENT
3.1 GOVERNANCE AND REPORTING
3.3 RISK ASSESSMENT
3.6 VALIDATION AND CONTINUOUS IMPROVEMENT
3.7 EDUCATION AND AWARENESS
3.8 THIRD PARTY SUPPLIERS
3.9 INCIDENT RESPONSE
3.10 CRISIS MANAGEMENT
4.1 BUSINESS SECURITY
4.2 THE BUSINESS CONTINUITY TEAM
4.3 SERVICE LINE AND INTERNAL DEPARTMENT BUSINESS CONTINUITY CORE TEAMS
4.4 SERVICE LINE AND INTERNAL DEPARTMENT BUSINESS UNIT RECOVERY TEAMS
4.5 IT SERVICES
6. FINAL CONSIDERATIONS
6.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
6.2 DOCUMENT REVISION
The Company has adopted an Information Risk Management Policy (“Policy”) to describe rules and expectations for both itself and all its direct and indirect subsidiaries countrywide.
The Public Cloud Security Standard (the Standard) establishes security requirements and controls to maintain the Confidentiality, integrity, and availability of the Company’s data in the public cloud.