Artefacts
We aim to deliver sectorwide operational resilience improvements to benefit the safety and security of customers through trusted and effective collaboration
Artefacts
We aim to deliver sectorwide operational resilience improvements to benefit the safety and security of customers through trusted and effective collaboration
Welcome to the CMORG Artefact library
This brings together all CMORG outputs that are accessible to industry participants. You can register to access all of these here, but to receive a response, you must provide an industry email address and be a direct industry participant.
Filter by:
Collaborative Scenario Testing of Third Parties - Effective Practices
This document is designed to provide a set of principles and broad expectations of the industry on how scenario testing with third parties should be conducted. The guidance here is intended to be used by financial firms of all maturities as either a guidance for building a framework for scenario testing with third parties, or to act as a check point for established programs.
Sector Response Framework (SRF) Summary
The Sector Response Framework (SRF) is a series of Sector Response Groups, FMI Crisis Committees, and supporting
contingencies that enable parts of the sector to respond collectively to a systemic incident It connects organisations across
the Finance Sector and Government, including the Authorities to coordinate and make informed decisions in a timely manner
when responding to systemic incidents This is facilitated by the Cross Market Business Continuity Group (CMBCG) which
brings together senior decision makers to manage the strategic response for the sector.
contingencies that enable parts of the sector to respond collectively to a systemic incident It connects organisations across
the Finance Sector and Government, including the Authorities to coordinate and make informed decisions in a timely manner
when responding to systemic incidents This is facilitated by the Cross Market Business Continuity Group (CMBCG) which
brings together senior decision makers to manage the strategic response for the sector.
Third Party Critical Vulnerability Response Playbook
This playbook is a Cross Market Operational Resilience Group (CMORG) capability, delivered under the governance of the CMORG Cyber Coordination Group in collaboration with the Financial Sector Cyber Collaboration Centre (FSCCC). It is intended to support effective sector coordination and information
sharing in response to a major third party zero day or critical vulnerability.
The playbook is aligned with FSCCC strategic objectives to define collaborative methods between members to improve industry’s ability to respond to cyber threats and/or incidents with actual or potential systemic impacts to the UK financial sector.
sharing in response to a major third party zero day or critical vulnerability.
The playbook is aligned with FSCCC strategic objectives to define collaborative methods between members to improve industry’s ability to respond to cyber threats and/or incidents with actual or potential systemic impacts to the UK financial sector.
CMORG Portfolio
Please find here the latest portfolio of workstreams overseen by CMORG. This is to support firms and groups in understanding the wider portfolio of activity and the work being developed across CMORG, and to promote engagement with these workstreams.
CMORG Meeting Minutes
Please find here the meeting minutes for CMORG meetings to inform firms and groups of the discussions and decisions made at the CMORG group level.
Guidance for Firm Operational Resilience
The guidance incorporates the key requirements set out by the UK regulators for implementing operational resilience into firms. The content should be considered as high-level principles that can be used proportionately by a firm accordingly to their size, scale and complexity. It is not intended to be prescriptive or mandatory, but rather to support completion of individual firm documentation that aligns to the organisation’s specific corporate governance requirements and templates.
Sector Principles for Service Substitution
These principles relate to the substitution of a business service. Per the definition in the PRA and FCA’s policy on operational resilience, a business service is defined as delivering: A specific outcome or service to an identifiable user external to the firm and should be distinguished from business lines, which are a collection of services and activities.
These principles do not assume whether any business service has been assessed as Important by individual firms. However, they accept that this is likely to be the case when developing and maintaining alternative solutions, in light of correlated thresholds such as Impact Tolerance.
These principles do not assume whether any business service has been assessed as Important by individual firms. However, they accept that this is likely to be the case when developing and maintaining alternative solutions, in light of correlated thresholds such as Impact Tolerance.
Sector Response Framework
To provide a mechanism for firms, FMI and industry groups to coordinate, share information, and ensure the sector can respond effectively to significant operational incidents. Contains schematic overview of all response groups of the sector, their role and invocation procedures and links to other groups to support collaborative cross-sector engagement.
SIMEX22 Single Company Exercise
The Single Company Exercise (SCE) has been designed so that SIMEX’s value could be extended to as wide a range of firms as possible. SCE has been produced to allow any firm, but especially smaller firms without specific exercising experience or expertise, to deliver an effective internal exercise. The materials are based on a severe but plausible scenario and can be used to exercise a range of capabilities and test important business services.