?
This is the kind of worst-case scenario that the Bangko Sentral ng Pilipinas would like to address in an upcoming circular. In a business continuity forum on Thursday, Gail Fule, director of the BSP?s central point of contact department II, revealed that the 88-page draft circular may be released early next year. Banks, companies and organizations have been given advanced copies of the draft circular for comment.
?
The BSP director added that the banking sector?s upcoming circular will form part of the ?National Business Continuity Plan? approved by the President.
?
The new circular, title ?Comprehensive Framework on Information Technology Risk Management (ITRM)?, adds to the earlier BSP circular No.511 issued in 2006, which prescribed guidelines on technology risk management.
?
?A growing number of BSP supervised institutions (BSIs) employ the advances in technology as leverage to offer innovative products? technology becomes an integral part of the business and operations of these entities, technology risks are heightened,? she explained.
?
Through the new circular, BSP hopes ?to minimize financial loss to the institution [and] to continue to serve customers?
Information Technology Risk Management (ITRM)
The new circular, drafted by an ?IT specialist group,? requires BSP-supervised entities to have a comprehensive business continuity management plan that will provide policies, standards, and procedures during operation disruptions.
?
A recent four-day simulation exercise held last September involving members of the banking sector brought to light the industry?s shortcomings.
?
?For the banking sector?s plan, the capacity of the different banking associations to respond during pandemic and other disasters was raised.? Policies, procedures and guidelines for the different banking associations were lacking.? The need for regular coordination within the Sector was also identified,? said Fule.
?
The framework, likewise, recommend the creation of a crisis management team among financial entities. ?The BSP should set out a crisis management process to assist senior management in dealing with and containing an emergency and avoid spill-over effects to the business as a whole,? the BSP director said.
?
Still, Fule stressed that the new guideline will not be a ?one-size-fits-all? solution to all disaster-related problems that a financial institution may face.
?
She added that companies with complex IT programs are expected to implement most of the provisions in the circular, while entities with simple technology may ?exercise sound judgment? in choosing provisions relevant to their needs.
?
Furthermore, Fule said, ?[The business continuity plan] should involve not only Information Technology, but all business units and functions. The BCP is developed based on business impact analysis and risk assessment.?
?
Apart from a plan, the BSP recommends a business continuity-training program be provided employees to create awareness in their roles and responsibilities in the event of major disruption. ?
?
Another mitigation strategy is to provide alternative business and recovery sites.
The business continuity plan testing should also be done at least annually. ?Testing ensures that the BCP remains accurate, relevant and operable.? Such testing, which can come in different forms, should be conducted periodically,? explained Fule.
?
The central bank likewise recommended that an external auditor should independently review the business continuity plan.
?
Once the new circular has been issued, Fule explained, a bank should have a business continuity plan in place before it can implement new technology.
?
?They should establish a bank?s course of action in the event of a system failure or unauthorized intrusions and should be integrated with all other business continuity plans for bank operations,? she said. ? DVM, GMA News
earthquake san francisco donald payne elizabeth berkley lenny dykstra jenelle evans jenelle evans mlb 12 the show
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.