Effective from 2017-02-27 - Feb 26 2017 To view other versions open the versions tab on the right
Principle
The Member Organization should define, establish and maintain a communication process for periodic communications with SAMA on matters related to its BCM program.
Objective
To ensure that continuous communication is maintained with SAMA by defining, agreeing and adhering to communication protocol, frequency, and roles and responsibilities for communications
Control considerations
1.
The Member Organization should report all disruptive incidents classified as "Medium" or "High" to SAMA "Banking IT Risk Supervision" immediately. A post-incident report should be communicated to SAMA after the Member Organization resumes to normal operations.
2.
The Member Organization should coordinate with SAMA Supervision when communicating with the media in case of incidents.
3.
Member Organizations should seek SAMA's approval when selecting a new site for its main or alternative data center, or when relocating the current main or alternative data center.
4.
The Member Organization should communicate the approved program for executing business continuity and disaster recovery tests, for the upcoming year, with SAMA "Banking IT Risk Supervision" by end of January of every year.
5.
Test results of business continuity and disaster recovery should be shared with SAMA within four weeks after the test The Member Organization should identify the improvements based on the test performed and provide an action plan to SAMA within two months after the submission of the test results.
