Principles for Data Recovery From a Severe Cyber Scenario
Financial firms and regulators have a shared interest in recovering critical operations in a safe and effective manner. Setting aspirational recovery-time objectives and impact tolerances that do not balance safety and speed in recovery may, in some instances, create more risks to financial institutions, the investors they serve and the sector at large. Regulatory agencies around the world are similarly focused on the resilience of an institution’s critical operations during and recovering from a potential disruptive event.
The principles outlined in this white paper will help firms and regulators determine what is achievable during extreme events and set appropriate risk-based expectations for testing, reporting, resiliency and recovery from extreme events.