Versions

 

COBS 20.14.3

(1) A Third Party Provider must take such steps as directed by the Regulator to demonstrate the safety and integrity of their Interfacing Systems.

(2) Prior to commencing operations, the Senior Executive Officer of a Third Party Provider must provide the Regulator with an attestation that the Third Party Provider has taken all reasonable steps to ensure the security and integrity of their Interfacing Systems.

(3) On an annual basis or more frequently if requested by the Regulator, the Senior Executive Officer of a Third Party Provider must provide the Regulator with an attestation that the Third Party Provider has taken all reasonable steps to ensure the security and integrity of their Interfacing Systems.

(4) An attestation under (2) or (3) must be in such form and manner, and contain such information, as the Regulator may direct.

(5) For each attestation provided to the Regulator, the Third Party Provider must provide a report by a qualified independent third party that assesses the adequacy of the personnel, procedural and technical controls put in place by the Third Party Provider or any other parties to whom the Third Party Provider may have outsourced operational functions.