Effective from Feb 28 2017 - Feb 27 2017 To view other versions open the versions tab on the right
Principle
The Member Organization should define, establish and maintain a communication process for periodic communications with Saudi Central Bank on matters related to its BCM program.
Objective
To ensure that continuous communication is maintained with Saudi Central Bank by defining, agreeing and adhering to communication protocol, frequency, and roles and responsibilities for communications
Control considerations
1.
The Member Organization should report all disruptive incidents classified as "Medium" or "High" to Saudi Central Bank "Banking IT Risk Supervision" immediately. A post-incident report should be communicated to Saudi Central Bank after the Member Organization resumes to normal operations.
2.
The Member Organization should coordinate with Saudi Central Bank Supervision when communicating with the media in case of incidents.
3.
Member Organizations should seek Saudi Central Bank's approval when selecting a new site for its main or alternative data center, or when relocating the current main or alternative data center.
4.
The Member Organization should communicate the approved program for executing business continuity and disaster recovery tests, for the upcoming year, with Saudi Central Bank "Banking IT Risk Supervision" by end of January of every year.
5.
Test results of business continuity and disaster recovery should be shared with Saudi Central Bank within four weeks after the test The Member Organization should identify the improvements based on the test performed and provide an action plan to Saudi Central Bank within two months after the submission of the test results.
