MIR 2.5.19

The Regulator may also have regard to the arrangements for maintaining, recording and enforcing technical and operational standards and specifications for information technology systems, including:

(a) the procedures for the evaluation, selection and testing of information technology systems;
(b) the procedures for problem management and system change;
(c) the arrangements to monitor and report system performance, availability and integrity;
(d) the arrangements (including spare capacity and access to back-up facilities) made to ensure information technology systems are resilient and not prone to failure;
(e) the arrangements made to ensure business continuity in the event that an information technology system does fail;
(f) the arrangements made to protect information technology systems from damage, tampering, misuse or unauthorised access; and
(g) the arrangements made to ensure the integrity of data forming part of, or being processed through, information technology systems.