Skip to main content

V. Operational resilience principles

14. This section presents the Committee's principles for operational resilience which are organised across the following seven categories: governance; operational risk management; business continuity planning and testing; mapping of interconnections and interdependencies of critical operations; third-party dependency management; incident management; and resilient information and communication technology (ICT), including cyber security. The principles are to be applied on a consolidated basis to banks consistent with the scope of the Basel Framework.

15. These categories are based on the Committee's updated PSMOR, and previously issued principle-based guidance on corporate governance, business continuity, outsourcing and other relevant risk management frameworks. The practices described below, some of which reflect previously issued guidance, should not be viewed in isolation, but rather as integral parts of a bank's forward-looking operational resilience approach in line with its operational risk appetite and tolerance for disruption.