Article 76
Strategy and policy
1. A CSD shall have a business continuity policy and associated disaster recovery plan that is:
|
(a) |
approved by the management body; |
|
(b) |
subject to audit reviews that shall be reported to the management body. |
2. A CSD shall ensure that the business continuity policy:
|
(a) |
identifies all its critical operations and IT systems and provides for a minimum service level to be maintained for those operations; |
|
(b) |
includes the CSD's strategy and objectives to ensure the continuity of operations and systems referred to in point (a); |
|
(c) |
takes into account any links and interdependencies to at least:
|
|
(d) |
defines and documents the arrangements to be applied in the event of a business continuity emergency or major disruption of the CSD's operations in order to ensure a minimum service level of critical functions of the CSD; |
|
(e) |
identifies the maximum acceptable period of time which critical functions and IT systems may be out of use. |
3. A CSD shall take all reasonable steps to ensure that settlement is completed by the end of the business day even in case of a disruption, and that all the users' positions at the time of the disruption are identified with certainty in a timely manner.