CTPS 5.3 Incident management playbook exercise

1As part of its obligation under CTPS 5.1.1R (General evidence requirement), a critical third party must assess the effectiveness of its incident management playbook regularly, including undertaking an appropriate incident management playbook exercise with a representative sample of the firms to which it provides systemic third party services within 12 months of the critical third party being designated by the Treasury and at least biennially thereafter.

1A critical third party must, as soon as is practicable, prepare and submit to the regulators a report of the incident management playbook exercise undertaken under CTPS 5.3.1R (including any actions taken in the light of the results of that exercise).