|
Article 3
|
- Business continuity: Ability to handle and respond with flexibility when information operation is damaged, experiences irregularities or services are interrupted.
- Core business: Refers to necessary business that directly provides trading services to clients or supports continuous operation of trading business.
- Core system: Refers to necessary system that directly enables client trading or supports continuous operation of trading business. All other systems are non-core systems.
- Business impact analysis (BIA): Analysis method that identifies impacts on the organization as the period of interruption of core business lengthens.
- Maximum tolerable period of interruption (MPTD): The maximum tolerable period of interruption upon occurrence of interruption to the core business, with laws and regulations, revenue losses and interested party’s demand being taken into consideration.
- Recovery Time Objective (RTO):
- RTO for core business: After occurrence of a disruptive incident, the target time from occurrence of the disruptive incident to core business to recovery to the minimum tolerable service level, to be determined based on the results of BIA.
- RTO for core system: After occurrence of a disruptive incident, the target time from occurrence of the disruptive incident to core system to recovery to the minimum tolerable service level.
- RTO for core system shall be shorter than or equal to RTO for core business.
- Recovery Point Objective (RPO):
- RPO for core business: The value representing the tolerable amount of data loss pertaining to core business upon occurrence of a disruptive incident to be determined based on the nature of core business, which should be decided based on the results of BIA.
- RPO for core system: The value representing the tolerable amount of data loss pertaining to core system upon occurrence of a disruptive incident to be determined based on the nature of core business.
- RPO for core system shall be less than or equal to RPO for core business.
- Minimum tolerable service level: The minimum operation level scheduled and expected to be returned to within the recovery time objective (RTO) specific to the applicable core business based on the recovery objective of core business.
- Disaster response mechanism: Response, disaster risk reduction or recovery measures applicable to relevant operation procedure of an individual system upon occurrence of irregularity or interruption of core system caused by disaster.
|