Regulatory requirements for Self-Assessment documents
Important business services
Identified by the firm and the justification for the determination made.
Impact tolerances set for each important business service and the justification for the level at which they have been set
The firm’s approach to mapping and how this has been used to:
- Identify the people, processes, technology, facilities and information necessary to deliver each of its important business services;
- Identify vulnerabilities; and
- Support scenario testing.
The testing strategy and plan, and the justification for the approach adopted
Scenario testing carried out including a description and justification of the assumptions made in relation to scenario design and any identified risks to the firm’s ability to meet its impact tolerances
Any lessons learnt exercise conducted
Vulnerabilities identified including remediation actions taken or planned and justifications for their completion time
The firm’s communication strategy and how it will help reduce the anticipated harm caused by operational disruptions
The methodologies used to undertake the above activities.
Have you read our responses behind other key questions in the series? You can view them by clicking on the links to the pages below:
- Purpose of the Self-Assessment
- Points for Attention and Key Considerations
- Format and Contents of the Self-Assessment