7
Information Sharing with Firms
7.1
A critical third party must have in place effective and secure processes and procedures to ensure sufficient and timely information is given to a firm to which it provides any systemic third party services to enable that firm to manage adequately risks related to its use of the critical third party's systemic third party services.
- 01/01/2025
7.2
The information referred to in 7.1 includes, but is not limited to:
- (1) results of testing and exercising carried out in accordance with 5 (including any action taken in the light of the results of the testing and exercising);
- (2) the annual self-assessment prepared in compliance with 6.1(2), redacted as appropriate; and
- (3) the appropriate maximum tolerable level of disruption set by the critical third party in accordance with 4.10(2) for each systemic third party service provided to the firm.
- 01/01/2025