CTPS 5.2 Scenario testing

As part of its obligation under CTPS 5.1.1R (General evidence requirement), a critical third party must carry out regular scenario testing of its ability to continue providing each systemic third party service within its appropriate maximum tolerable level of disruption (set in accordance with CTPS 4.8.1R(2) (Requirement 7: Incident management)) in the event of a severe but plausible disruption to its operations.

When carrying out the scenario testing required by CTPS 5.2.1R, a critical third party must identify an appropriate range of adverse circumstances of varying nature, severity and duration relevant to its business, risk profile and supply chain and consider the risks to the delivery of the systemic third party service in those circumstances.