Bank Negara Malaysia issued the Business Continuity Management (BCM) Policy on 19 Dec 2022, providing guidelines for banks to establish effective business continuity practices.
This report focuses on Part B - Policy Requirement 9, which outlines the BCM framework and methodology banks should consider when developing their business continuity management plans.
Specifically, it highlights the requirements related to critical business information records.
This report focuses on Part B - Policy
Requirement 9, outlines the BCM framework and methodology banks should consider when developing their business continuity management plans. Specifically, it highlights the requirements related to critical business information records.
Policy Requirement 9 emphasizes identifying and safeguarding critical business information records within the BCM framework. Critical business information records refer to vital documents, data, and records essential for the operation, decision-making, and continuity of a bank's business functions.
Banks must conduct a thorough analysis to identify and classify their critical business information records. This includes identifying the types of records, their sources, locations, and the dependencies on these records for critical business functions. It is crucial to prioritize the protection and availability of these records during disruptive events.
The policy requires banks to establish backup and recovery strategies for critical business information records. This involves implementing appropriate measures to ensure the timely backup, storage, and recovery of the records in the event of disruptions. Banks should define recovery time objectives (RTOs) and establish redundant systems, data replication, or secure off-site storage to safeguard critical records.
Banks must ensure the integrity and security of critical business information records. This includes implementing robust security measures, access controls, encryption, and monitoring mechanisms to protect against unauthorized access, data breaches, or tampering. Banks should also have processes in place for regular data validation, integrity checks, and audits to maintain the accuracy and reliability of critical records.
Policy Requirement 9 emphasizes the need for banks to have clear documentation and retention policies for critical business information records. Banks should establish procedures and guidelines for creating, maintaining, and retaining records in compliance with regulatory requirements and industry best practices. This includes defining record retention periods, securing disposal processes, and maintaining audit trails for record management activities.
Banks are encouraged to conduct regular testing and validation to ensure the effectiveness of the strategies and measures in place for critical business information records. This involves testing backup and recovery processes, verifying data integrity, and performing drills to assess the availability and accessibility of critical records during simulated disruptions. The results of these tests should be used to refine and improve the strategies and processes.
Policy Requirement 9 of Bank Negara Malaysia's Business Continuity Management Policy, highlights the significance of managing critical business information records within the BCM framework.
By identifying, safeguarding, and ensuring the availability of these records, banks can maintain operational continuity, decision-making capabilities, and regulatory compliance during disruptive events.
Effective management of critical business information records involves identifying and classifying records, implementing backup and recovery strategies, ensuring data integrity and security, establishing documentation and retention policies, and conducting regular testing and validation. By adhering to these requirements, banks can minimize the risks associated with data loss, maintain customer trust, and comply with regulatory obligations.
Protecting and ensuring the availability of critical business information records is crucial for maintaining business continuity, supporting ongoing operations, and enabling informed decision-making.
Business Continuity Management Policy by Bank Negara Malaysia Part B Requirement 9 | |||||
R 9A | R 9B | R9C | |||
R 9D | R 9E | R9F | |||
R 9G | R 9H | R9I | |||
R 9J | BCM Policy | Back to R9 | |||
Submit your intention via the "Tell Me More" button above. |
||
Alternatively, feel free to email us if you have any questions. |