(1) An ATS Operator must:
(a) have sufficient technology resources to operate, maintain and supervise the facility it operates;
(b) be able to satisfy the DFSA that its technology resources are established and maintained in such a way as to ensure that they are secure and maintain the confidentiality of the data they contain; and
(c) ensure that its members and other participants on its facility have sufficient technology resources which are compatible with its own.
(2) For the purposes of meeting the requirement in (1)(c), an ATS Operator must have adequate procedures and arrangements for the evaluation, selection and on-going monitoring of information technology systems. Such procedures and arrangements must, at a minimum, provide for:
(a) problem management and system change;
(b) adequate procedures for testing information technology systems before live operations, which are in conformity with the requirements that would apply to an Authorised Market Institution under App 1 of AMI;
(c) monitoring and reporting on system performance, availability and integrity; and
(d) adequate measures to ensure:
(i) the information technology systems are resilient and not prone to failure;
(ii) business continuity in the event that an information technology system fails;
(iii) protection of the information technology systems from damage, tampering, misuse or unauthorised access; and
(iv) the integrity of data forming part of, or being processed through, information technology systems.