Artefacts
We aim to deliver sectorwide operational resilience improvements to benefit the safety and security of customers through trusted and effective collaboration
Welcome to the CMORG Artefact library
This brings together all CMORG outputs that are accessible to industry participants. You can register to access all of these here, but to receive a response, you must provide an industry email address and be a direct industry participant.
Cloud Control Framework
A cloud framework to support consistent adoption of controls and practices across shared accountability models between FS firms and Cloud Services Providers.
Sector Response Framework (SRF) Summary
The Sector Response Framework (SRF) is a series of Sector Response Groups, FMI Crisis Committees, and supporting contingencies that enable parts of the sector to respond collectively to a systemic incident. It connects organisations across the Finance Sector and Government, including the Authorities, to coordinate and make informed decisions in a timely manner when responding to systemic incidents.
Cloud-Hosted Data Vaulting Good Practice
This good practice guidance outlines the essential steps and recommendations for creating, maintaining, and securing immutable cloud-hosted data vaults to ensure the availability, integrity, and security of critical data. It takes the key outputs of the CMORG Cloud-Hosted Data Vault Reference Architecture and outlines actionable practices for establishing an effective cloud-hosted data vaulting process that meets regulatory requirements and mitigates risks related to data loss, corruption, and unauthorized access.
AI Baseline Review Guidance
The Cross Market Operational Resilience Group’s (CMORG) AI Taskforce artefact was created in 2024 as a joint initiative of the CIO Forum and Cyber Coordination Group, in response to concerns relating to sector-level risk introduced by the rapid adoption of Generative AI (Gen-AI).
Reconnection Framework
The Reconnection Framework is a voluntary series of steps, common practices, and activities a compromised organisation could consider taking to facilitate reconnection between itself and client organisations following a significant cyber incident.
Collaborative Testing of Third Parties - Effective Practices
This artefact was designed to provide a set of principles and broad expectations of the industry on how scenario testing with third parties should be conducted.
The guidance here is intended to be used by financial firms of all maturities, either as guidance for building a framework for scenario testing with third parties or as a checkpoint for established programs.
Guidance for Firm Operational Resilience
Following on from the original guidance produced in 2021, this document provides firms with updated guidance on implementing operational resilience.
Guidance for Post-Quantum Cryptography
This artefact emphasises the urgency of managing quantum risk and aligns with the UK National Cyber Security Centre’s (NCSC) guidance for the financial sector which is transitioning towards quantum-safe cryptographic practice.
Third Party Information Security - Supplier Risk Assurance Framework
The Supplier Risk Assurance Framework was designed to develop a third-party assurance scale as a practical tool to help firms assess the cyber security risk of their third parties and ensure appropriate levels of risk-based control.