The updated firm mapping Template helps organisations document how they engage across SRF response groups. It supports clarity, streamlined communication, and enhanced collaboration during disruption. Firms are encouraged to integrate this into their business continuity plans and keep it regularly updated.

A simplified overview which provides a quick reference for raising awareness amongst internal stakeholders including C-suite.

A cloud framework to support consistent adoption of controls and practices across shared accountability models between FS firms and Cloud Services Providers.

This Shared Responsibility Model provides baseline guidance for understanding Artificial Intelligence security responsibilities and how these are managed between client firms and AI service providers.

The Sector Response Framework (SRF) is a series of Sector Response Groups, FMI Crisis Committees, and supporting contingencies that enable parts of the sector to respond collectively to a systemic incident. It connects organisations across the Finance Sector and Government, including the Authorities to coordinate and make informed decisions in a timely manner when responding to systemic incidents.

This good practice guidance outlines the essential steps and recommendations for creating, maintaining, and securing immutable cloud-hosted data vaults to ensure the availability, integrity, and security of critical data. It takes the key outputs of the CMORG Cloud-Hosted Data Vault Reference Architecture1 and outlines actionable practices for establishing an effective cloud-hosted data vaulting process that meets regulatory requirements and mitigates risks related to data loss, corruption, and unauthorized access.

The Cross Market Operational Resilience Group’s (CMORG) AI Taskforce artefact was created in 2024 as a joint initiative of the CIO Forum and Cyber Coordination Group, in response to concerns relating to sector-level risk introduced by the rapid adoption of Generative AI (Gen-AI).

The Reconnection Framework is a voluntary series of steps, common practices, and activities a compromised organisation could consider taking to facilitate reconnection between itself and client organisations following a significant cyber incident.

This artefact was designed to provide a set of principles and broad expectations of the industry on how scenario testing with third parties should be conducted.

The guidance here is intended to be used by financial firms of all maturities as either a guidance for building a framework for scenario testing with third parties, or to act as a check point for established programs.