Outsourcing DRP BCP
Outsourcing DRP BCP
Outsourcing DRP BCP
1.4 The bank is managing residual risks (a) Describe the bank's process for
associated with outsourcing arrangements, determining the materiality of outsourcing
including disruption of services. arrangements.
SP (40) 1.5 The Board and management have ensured None
that the expectations and obligations of each
party are clearly defined, understood and
enforceable.
1.6 The bank carries out initial due diligence test (a) Describe the initial due diligence test and
and monitor third-party activities on a regular indicate how third-party activities are
basis. regularly monitored.
(b) Describe the bank's program for
managing and monitoring risks of the
outsourcing arrangements.
1.7 For critical activities, the bank has None
considered contingency plans, including
availability of alternative external parties and
costs and resources required to switch
external parties.
2.1 The bank's decision to retain or self-insure None
the risk is transparent within the organization
and consistent with the bank's overall
business strategy and risk appetite.
2. Self-insure or retain SP (41) 3.1 The bank is required to establish disaster None
operational risk recovery and business continuity plans that
take into account different types of plausible
scenarios to which the bank may be
vulnerable, commensurate with the size and
complexity of the bank's operations.
3.5 There is a periodic review of DRP/BCP to (a) Describe the bank's process for
ensure consistency with the bank's current reviewing DRP/BCP.
operations and business strategies.
SP (44) 3.6 Plans are tested periodically to ensure that (a) Identify the frequency for testing plans.
the bank would be able to execute the plans
in the unlikely event of a severe business
disruption.
Note: In addition to the BIS Sound Practices, institutions are required to comply with the "OSFI Guideline B-10: Outsourcing of Business Activities, Functions and Processes"
Rating Rationale
Rating Rationale