Reset to Today

To access the FCA Handbook Archive choose a date between 1 January 2001 and 31 December 2004.

Content Options:

Content Options

View Options:


You are viewing the version of the document as on 2025-04-01.

Timeline guidance

Alternative versions

  1. Point in time
    2025-04-01

CTPS 4.5 Requirement 4: Technology and cyber resilience

CTPS 4.5.1R

1A critical third party must (as part of its obligation under CTPS 4.3.1R (Requirement 2: Risk management)) take reasonable steps to ensure the resilience of any technology that delivers, maintains or supports a systemic third party service, including by having:

  1. (1)

    (as part of its obligation under CTPS 4.1.1R (Cross-cutting requirement)) sound, effective and comprehensive strategies, processes and systems to adequately manage risks to its technology and cyber resilience; and

  2. (2)

    regular testing and exercising of those strategies, processes and systems (including as part of its obligations under CTPS 5 (Information gathering, evidence and testing)) and processes and measures that reflect lessons learned from that testing and exercising.