Business continuity planning and testing (Principle 3)
Principle 3: Banks should have business continuity plans in place and conduct business continuity exercises under a range of severe but plausible scenarios in order to test their ability to deliver critical operations through disruption. [Further BCBS guidance on business continuity can be found in documents published through the Joint Forum (BCBS-IOSCO-IAIS), High-level principles for business continuity, August 2006.]
23. An effective business continuity plan should be forward-looking when assessing the impact of potential disruptions. Business continuity exercises [The business continuity planning and testing of critical operations should be consistent with and conducted alongside the business continuity planning articulated in Principle 11 in the proposed revisions to the PSMOR.] should be conducted and validated for a range of severe but plausible scenarios that incorporate disruptive events and incidents.
24. An effective business continuity plan should identify critical operations, and key internal and external dependencies to assess the risks and potential impact of various disruption scenarios on critical operations. These plans should incorporate business impact analyses and recovery strategies as well as testing programmes, training and awareness programmes, and communication and crisis management programmes.