Disclaimer
This article is provided for general informational and educational purposes only. It summarises publicly available regulatory guidance issued by Bank Negara Malaysia.
BCM Institute is not affiliated with, endorsed by, or acting on behalf of Bank Negara Malaysia. The name “Bank Negara Malaysia” is used strictly for descriptive and reference purposes.
Explainer: R9i Business Continuity Management Policy
Part B Policy Requirements 9: BCM Framework and Methodology
Critical Business Information Records
Click the button to access the official BCM policy document (December 2022 release).
Introduction
The Business Continuity Management (BCM) Policy released on 19 December 2022 provides guidance for banks to establish effective business continuity practices.
This report focuses on Part B - Policy Requirement 9, which outlines the BCM framework and methodology banks should consider when developing their business continuity management plans.
Specifically, it highlights the requirements related to critical business information records.
This report focuses on Part B - Policy
Requirement 9 outlines the BCM framework and methodology banks should consider when developing their business continuity management plans. Specifically, it highlights the requirements related to critical business information records.
Policy Requirement 9 emphasizes identifying and safeguarding critical business information records within the BCM framework. Critical business information records refer to vital documents, data, and records essential for the operation, decision-making, and continuity of a bank's business functions.
a. Identification of Critical Business Information Records
Banks must conduct a thorough analysis to identify and classify their critical business information records. This includes identifying the types of records, their sources, locations, and the dependencies on these records for critical business functions. It is crucial to prioritize the protection and availability of these records during disruptive events.
b. Backup and Recovery Strategies
The policy requires banks to establish backup and recovery strategies for critical business information records. This involves implementing appropriate measures to ensure the timely backup, storage, and recovery of the records in the event of disruptions. Banks should define recovery time objectives (RTOs) and establish redundant systems, data replication, or secure off-site storage to safeguard critical records.
c. Data Integrity and Security
Banks must ensure the integrity and security of critical business information records. This includes implementing robust security measures, access controls, encryption, and monitoring mechanisms to protect against unauthorized access, data breaches, or tampering. Banks should also have processes in place for regular data validation, integrity checks, and audits to maintain the accuracy and reliability of critical records.
d. Documentation and Retention Policies
Policy Requirement 9 emphasizes the need for banks to have clear documentation and retention policies for critical business information records. Banks should establish procedures and guidelines for creating, maintaining, and retaining records in compliance with regulatory requirements and industry best practices. This includes defining record retention periods, securing disposal processes, and maintaining audit trails for record management activities.
e. Testing and Validation
Banks are encouraged to conduct regular testing and validation to ensure the effectiveness of the strategies and measures in place for critical business information records. This involves testing backup and recovery processes, verifying data integrity, and performing drills to assess the availability and accessibility of critical records during simulated disruptions. The results of these tests should be used to refine and improve the strategies and processes.
Conclusion
Policy Requirement 9 of the Business Continuity Management Policy highlights the significance of managing critical business information records within the BCM framework.
By identifying, safeguarding, and ensuring the availability of these records, banks can maintain operational continuity, decision-making capabilities, and regulatory compliance during disruptive events.
Effective management of critical business information records involves identifying and classifying records, implementing backup and recovery strategies, ensuring data integrity and security, establishing documentation and retention policies, and conducting regular testing and validation. By adhering to these requirements, banks can minimize the risks associated with data loss, maintain customer trust, and comply with regulatory obligations.
Protecting and ensuring the availability of critical business information records is crucial for maintaining business continuity, supporting ongoing operations, and enabling informed decision-making.
This article is an independent informational summary for educational purposes. It is not affiliated with, endorsed by, or officially representing any regulatory authority.
![Register [BL-B-3]*](https://no-cache.hubspot.com/cta/default/3893111/ac6cf073-4cdd-4541-91ed-889f731d5076.png)
![FAQ [BL-B-3]](https://no-cache.hubspot.com/cta/default/3893111/b3824ba1-7aa1-4eb6-bef8-94f57121c5ae.png)
![Email to Sales Team [BCM Institute]](https://no-cache.hubspot.com/cta/default/3893111/3c53daeb-2836-4843-b0e0-645baee2ab9e.png)
