CTPS 4.8 Requirement 7: Incident management
1A critical third party must manage effectively CTP operational incidents including by:
- (1)
implementing appropriate measures to respond to and recover from CTP operational incidents in a way that minimises the impact, or potential impact, on the stability of, or confidence in, the UK financial system;
- (2)
setting an appropriate maximum tolerable level of disruption to each systemic third party service;
- (3)
maintaining and operating an incident management playbook, the first version of which must be in place within 12 months of the critical third party being designated by the Treasury, which sets out the plans and procedures to be followed by the critical third party in the event of a CTP operational incident in order to:
- (a)
respond to and recover from the CTP operational incident; and
- (b)
facilitate effective communication with, and support to, the regulators and affected firms (individually and collectively); and
- (a)
- (4)
cooperating and coordinating with the regulators and affected firms in response to CTP operational incidents, including through collective incident response frameworks.