Section 4.2.5 Business continuity plans
CSSF Circular 22/806 on outsourcing (as amended by CSSF 25/883) · CSSF 22/806
47. Special attention shall be paid to the continuity aspects and the revocable nature of an outsourcing arrangement. The In-Scope Entity shall be able to continue its critical functions in case of exceptional events or crisis.
48. In-Scope Entities shall have in place, maintain and periodically test appropriate business continuity plans with regard to outsourced critical or important functions.
49. Business continuity plans shall take into account the possible event that the quality of the provision of the outsourced critical or important function deteriorates to an unacceptable level or fails. Such plans shall also take into account the potential impact of the insolvency or other failures of service providers and, where relevant, political risks in the service provider’s jurisdiction.
50. Where the outsourcing arrangement comprises ICT systems and data of In- Scope Entities, the measures for redundancy and backup of these systems and data shall either be specified in the outsourcing agreement with the service
22 Please also refer to Circular CSSF 12/552, Part II, sub-chapter 7.2 (points 165 to 174) for credit institutions or Circular CSSF 20/758, Part II, sub-chapter 7.2 (points 167 to 176) for investment firms.
CIRCULAR CSSF 22/806 as amended by Circular CSSF 25/883
provider or configured by the In-Scope Entities 23, in line with the business continuity plan of the In-Scope Entities.