Artefacts

We aim to deliver sectorwide operational resilience improvements to benefit the safety and security of customers through trusted and effective collaboration

Welcome to the CMORG Artefact library

This brings together all CMORG outputs that are accessible to industry participants. You can register to access all of these here, but to receive a response, you must provide an industry email address and be a direct industry participant.

Filter by:

Third Party
Third Party Lifecycle Management Guidance
Industry expertise on managing resilience risks through the lifecycle of a third-party engagement, optimising the approaches undertaken by larger firms and supporting capability building across the wider sector. The guidance considers each stage of engagement from supplier selection and due diligence, classification to support supplier management approach, governance and assurance through to exit.
Payments
Payments Prioritisation (Retail)
Common definitions of critical GBP retail payments to support prioritisation across the sector during severe but plausible operational disruption.
Third Party
System integrity Reconnection Framework
Guidance to the UK financial sector to aid the process of resuming business and safely reconnecting an organisation that has been technically quarantined after suffering a material cyber incident.
Technology and cyber
Log4J Lessons Learned
Sector learnings from the Log4j incident to optimise the approaches undertaken by larger firms and support capability building across the wider sector.
Technology and cyber
Data Vaulting Reference Architecture
Best practice approach in which data is captured and reused in response to malicious data destruction events using a cloud hosted data vault.
Payments
Payments Prioritisation (Wholesale)
Common definitions of critical GBP wholesale payments to support prioritisation across the sector during severe but plausible operational disruption.
Technology and cyber
Third Party Information Security Management
Guidance in conjunction with the NCSC on managing third party information security to minimise the risk that an inconsistent or outdated approach leaves the sector more vulnerable to attacks.
Technology and cyber
Cloud Control Framework
A cloud framework to support consistent adoption of controls and practices across shared accountability models between FS firms and Cloud Services Providers.
Technology and cyber
Security in the Cloud
Guidance on how to plan and implement security in the Cloud to optimise the approach undertaken by CMORG firms and support capability building across the wider sector.