Artefacts
We aim to deliver sectorwide operational resilience improvements to benefit the safety and security of customers through trusted and effective collaboration
Welcome to the CMORG Artefact library
This brings together all CMORG outputs that are accessible to industry participants. You can register to access all of these here, but to receive a response, you must provide an industry email address and be a direct industry participant.
Sector Principles for Service Substitution
These principles relate to the substitution of a business service. Per the definition in the PRA and FCA’s policy on operational resilience, a business service is defined as delivering: A specific outcome or service to an identifiable user external to the firm and should be distinguished from business lines, which are a collection of services and activities.
These principles do not assume whether any business service has been assessed as Important by individual firms. However, they accept that this is likely to be the case when developing and maintaining alternative solutions, in light of correlated thresholds such as Impact Tolerance.
Scenario Testing of Critical Third Parties
A common approach to scenario testing of critical third parties in order to address the challenge common providers have of multiple assurance engagements with diverse financial institutions.
Third Party Lifecycle Management Guidance
Industry expertise on managing resilience risks through the lifecycle of a third-party engagement, optimising the approaches undertaken by larger firms and supporting capability building across the wider sector. The guidance considers each stage of engagement from supplier selection and due diligence, classification to support supplier management approach, governance and assurance through to exit.
Payments Prioritisation (Retail)
Common definitions of critical GBP retail payments to support prioritisation across the sector during severe but plausible operational disruption.
System integrity Reconnection Framework
Guidance to the UK financial sector to aid the process of resuming business and safely reconnecting an organisation that has been technically quarantined after suffering a material cyber incident.
Log4J Lessons Learned
Sector learnings from the Log4j incident to optimise the approaches undertaken by larger firms and support capability building across the wider sector.
Third Party Information Security Management
Guidance in conjunction with the NCSC on managing third party information security to minimise the risk that an inconsistent or outdated approach leaves the sector more vulnerable to attacks.
Data Vaulting Reference Architecture
Best practice approach in which data is captured and reused in response to malicious data destruction events using a cloud hosted data vault.
Payments Prioritisation (Wholesale)
Common definitions of critical GBP wholesale payments to support prioritisation across the sector during severe but plausible operational disruption.