Prudential Standard GOI 3.2 (Business Continuity Management - BCM) Flashcards

1
Q

BCM

A

An enterprise-wide approach that includes policies, standards and procedures for ensuring that critical business operations can be maintained or recovered in a timely fashion in the event of a disruption.

Its purpose is to minimise the financial, legal, regulatory, reputational and other material consequences arising from a disruption.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Critical business operations

A
  • business functions
  • resources
  • infrastructure

that may, if disrupted, have a material impact on an insurer’s:

  • business functions
  • reputation
  • profitability
  • policyholders
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

An insurer’s BCM framework must, at minimum include: (5)

A
  • a BCM Policy
  • a regular business impact analysis
  • recovery objectives and strategies
  • a Business Continuity Plan that include crisis management and recovery plans
  • programs for:
  • – review and testing of the Business Continuity Plan
  • – training and ensuring awareness of staff in relation to BCM
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Business Impact Analysis

A

Involves an insurer identifying all its critical business operations (functions, resources and infrastructure) and assessing the impact of a material disruption on each of these.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

When conducting the business impact analysis the insurer must consider: (4)

A
  • plausible disruption scenarios over varying periods of time
  • the period of time for which the insurer could not operate without each of its critical business operations
  • the extent to which a disruption to the critical business operations might have a material impact on the interests of the insurer’s policyholders
  • the financial, legal, regulatory and reputational impact of a disruption on the insurer’s critical business operations over varying period of time.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Recovery objectives

A

Pre-defined goals for recovering critical business operations
… to a specified level of service (recovery level)
… within a defined period (recovery time)
following a disruption.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

The Business Continuity Plan must document procedures and information that enable the insurer to: (2)

A
  • manage an initial business disruption (crisis management)

- recover critical business operations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

The Business Continuity Plan must reflect the specific operational requirements of the insurer and must identify: (6)

A
  • critical business operations
  • recovery levels and time targets for each critical business operation
  • recovery strategies for each critical business operation
  • infrastructure and resources required to implement the Business Continuity Plan
  • roles, responsibilities and authorities to act in relation to the Business Continuity Plan
  • communication plans with staff and external stakeholders.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly