AMI 5.5.5

(1) An Authorised Market Institution must have sufficient technology resources to operate, maintain and supervise its facilities.
(2) The Authorised Market Institution must be able to satisfy the DFSA that its technology resources are established and maintained in such a way as to ensure that they are secure and maintain the confidentiality of the data they contain.
(3) An Authorised Market Institution must ensure that its Members and other participants on its facilities have sufficient technology resources which are compatible with its own.
(4) For the purposes of meeting the requirement in (1), an Authorised Market Institution must have adequate procedures and arrangements for the evaluation, selection and on-going monitoring of information technology systems. Such procedures and arrangements must, at a minimum, provide for:
(a) problem management and system change;
(b) testing information technology systems before live operations in accordance with the requirements in Rule 5.5.6;
(c) monitoring and reporting on system performance, availability and integrity; and
(d) adequate measures to ensure:
(i) the information technology systems are resilient and not prone to failure;
(ii). business continuity in the event that an information technology system fails;
(iii) protection of the information technology systems from damage, tampering, misuse or unauthorised access; and
(iv) the integrity of data forming part of, or being processed through, information technology systems.
(5) An Authorised Market Institution must meet the applicable requirements in App 1 for the purposes of:
(a) testing the adequacy and effectiveness of its own information technology systems; and
(b) assessing the adequacy and effectiveness of information technology systems of its Members.
Derived from RM118/2013 [VER15/07-13]