Business Continuity Management Policy by Bank Negara Malaysia
Part B Policy Requirements 9:
BCM Framework and Methodology
Critical Business Information Records
Introduction
Bank Negara Malaysia issued the Business Continuity Management (BCM) Policy on 19 Dec 2022, providing guidelines for banks to establish effective business continuity practices.
This report focuses on Part B - Policy Requirement 9, which outlines the BCM framework and methodology banks should consider when developing their business continuity management plans.
Specifically, it highlights the requirements related to critical business information records.
Policy Requirement 9 emphasizes identifying and safeguarding critical business information records within the BCM framework. Critical business information records refer to vital documents, data, and records essential for the operation, decision-making, and continuity of a bank's business functions.
a. Identification of Critical Business Information Records
Banks must conduct a thorough analysis to identify and classify their critical business information records. This includes identifying the types of records, their sources, locations, and the dependencies on these records for critical business functions. It is crucial to prioritize the protection and availability of these records during disruptive events.
b. Backup and Recovery Strategies
The policy requires banks to establish backup and recovery strategies for critical business information records. This involves implementing appropriate measures to ensure the timely backup, storage, and recovery of the records in the event of disruptions. Banks should define recovery time objectives (RTOs) and establish redundant systems, data replication, or secure off-site storage to safeguard critical records.
c. Data Integrity and Security
Banks must ensure the integrity and security of critical business information records. This includes implementing robust security measures, access controls, encryption, and monitoring mechanisms to protect against unauthorized access, data breaches, or tampering. Banks should also have processes in place for regular data validation, integrity checks, and audits to maintain the accuracy and reliability of critical records.
d. Documentation and Retention Policies
Policy Requirement 9 emphasizes the need for banks to have clear documentation and retention policies for critical business information records. Banks should establish procedures and guidelines for creating, maintaining, and retaining records in compliance with regulatory requirements and industry best practices. This includes defining record retention periods, securing disposal processes, and maintaining audit trails for record management activities.
e. Testing and Validation
Banks are encouraged to conduct regular testing and validation to ensure the effectiveness of the strategies and measures in place for critical business information records. This involves testing backup and recovery processes, verifying data integrity, and performing drills to assess the availability and accessibility of critical records during simulated disruptions. The results of these tests should be used to refine and improve the strategies and processes.
Conclusion
Policy Requirement 9 of Bank Negara Malaysia's Business Continuity Management Policy highlights the significance of managing critical business information records within the BCM framework.
By identifying, safeguarding, and ensuring the availability of these records, banks can maintain operational continuity, decision-making capabilities, and regulatory compliance during disruptive events.
Effective management of critical business information records involves identifying and classifying records, implementing backup and recovery strategies, ensuring data integrity and security, establishing documentation and retention policies, and conducting regular testing and validation. By adhering to these requirements, banks can minimize the risks associated with data loss, maintain customer trust, and comply with regulatory obligations.
Protecting and ensuring the availability of critical business information records is crucial for maintaining business continuity, supporting ongoing operations, and enabling informed decision-making.