Article 7 Business continuity and back-up facilities
1. A data reporting services provider shall use systems and facilities that are appropriate and robust enough to ensure continuity and regularity in the performance of the services provided referred to in Directive 2014/65/EU.
2. A data reporting services provider shall conduct periodic reviews, at least annually, evaluating its technical infrastructures and associated policies and procedures, including business continuity arrangements. A data reporting services provider shall remedy any deficiencies identified during the review.
3. A data reporting services provider shall have effective business continuity arrangements in place to address disruptive incidents, including:
(a) the processes which are critical to ensuring the services of the data reporting services provider, including escalation procedures, relevant outsourced activities or dependencies on external providers;
(b) specific continuity arrangements, covering an adequate range of possible scenarios, in the short and medium term, including system failures, natural disasters, communication disruptions, loss of key staff and inability to use the premises regularly used;
(c) duplication of hardware components, allowing for failover to a back-up infrastructure, including network connectivity and communication channels;
(d) back-up of business-critical data and up-to-date information of the necessary contacts, ensuring communication within the data reporting services provider and with clients;