GEN 5.3.23 Guidance

1. In considering the adequacy of an Authorised Person's business continuity arrangements, the DFSA will have regard to the Authorised Person's management of the specific risks arising from interruptions to its business including its crisis management and disaster recovery plans.
2. The DFSA expects an Authorised Person to have:
a. arrangements which establish and maintain the Authorised Person's physical security and protection for its information systems for business continuity purposes in the event of planned or unplanned information system interruption or other events that impact on its operations;
b. considered its primary data centres' and business operations' reliance on infrastructure components, for example transportation, telecommunications networks and utilities and made the necessary arrangements to minimise the risk of interruption to its operations by arranging backup of infrastructure components and service providers; and
c. considered, in its plans for dealing with a major interruption to its primary data centre or business operations, its alternative data centres' and business operations' reliance on infrastructure components and made the necessary arrangements such that these do not rely on the same infrastructure components and the same service provider as the primary data centres and operations.

Derived from DFSA RM01/2004 (Made 16th September 2004). [VER1/09-04]