Content Options:

Content Options

View Options:


You are viewing the version of the document as on 2025-11-03.

CTPS 4.3 Requirement 2: Risk management

CTPS 4.3.1R

1A critical third party must manage effectively risks to its ability to deliver a systemic third party service including by:

  1. (1)

    identifying and monitoring relevant external and internal risks;

  2. (2)

    ensuring that it has in place risk management processes that are effective at managing those risks; and

  3. (3)

    regularly updating its risk management processes to reflect issues arising and lessons learned from:

    1. (a)

      CTP operational incidents;

    2. (b)

      engagement with the regulators;

    3. (c)

      new and emerging risks; and

    4. (d)

      any associated testing and exercising, including but not limited to that carried out in accordance with CTPS 5 (Assurance, scenario testing and incident management playbook).