This appendix discusses four key elements of BCP (business continuity planning) that a financial institution should address to ensure they are contracting with TSPs that are strengthening the resilience of technology services:
- Third-party management addresses a financial institution management's responsibility to control the business continuity risks associated with its TSPs and their subcontractors.
- Third-party capacity addresses the potential impact of a significant disruption on a third-party servicer's ability to restore services to multiple clients.
- Testing with third-party TSPs addresses the importance of validating business continuity plans with TSPs and considerations for a robust third-party testing program.
- Cyber resilience covers aspects of BCP unique to disruptions caused by cyber events.