CTPS 4.5 Requirement 4: Technology and cyber resilience

1A critical third party must (as part of its obligation under CTPS 4.3.1R (Requirement 2: Risk management)) take reasonable steps to ensure the resilience of any technology that delivers, maintains or supports a systemic third party service, including by having:

1. (1)

   (as part of its obligation under CTPS 4.1.1R (Cross-cutting requirement)) sound, effective and comprehensive strategies, processes and systems to adequately manage risks to its technology and cyber resilience; and

2. (2)

   regular testing and exercising of those strategies, processes and systems (including as part of its obligations under CTPS 5 (Information gathering, evidence and testing)) and processes and measures that reflect lessons learned from that testing and exercising.