Article 10
An organization shall create a disaster response mechanism to ensure that personal injuries or losses to its core system and assets in the event of a disaster can be minimized. The mechanism shall include, but is not limited to, the following:
- To establish an internal unit relating to disaster response and business continuity with the following specific responsibilities:
- To deploy self-protection and fire-protection personnel.
- To deploy an emergency reporting team or urgency action team.
- To identify risk scenarios that may cause interruption (including natural disasters, man-made disasters and information and communication security incidents), and propose emergency response measures to avoid, prevent and respond to emergencies based on the various risk scenarios.
- To establish emergency response procedures, including escape, disaster risk reduction and evacuation as instructed by the self-protection and fire-protection team, and identify the status of damage to staff, office premises, communication and information equipment and various assets.
- To create emergency reporting procedures and specify the entity responsible for reporting and its responsibilities.
- To create reporting procedures within the organization, including deployment of the self-protection and fire-protection team, the emergency response team or relevant responsible entities.
- To create procedures for reporting to external police and fire protection authorities (e.g. police department and fire brigade).
- To establish an information security reporting mechanism (e.g. formal reporting procedures and a contact person for reporting information security breaches). Any information security or service abnormality relating to an information system shall be handled in accordance with the Guidelines Governing Securities and Futures Market Information and Communication Security Incident Reporting and Response; proper rectification procedures shall be taken and records shall be retained.
- Where reporting to the competent authority or an external entity such as a trade association is otherwise required by laws and regulations, relevant reporting procedures shall be established.