Related provisions for SYSC 13.7.8
1 - 6 of 6 items.
Failures in processing information (whether physical, electronic or known by employees but not recorded) or of the security of the systems that maintain it can lead to significant operational losses. A firm should establish and maintain appropriate systems and controls to manage its information security risks. In doing so, a firm should have regard to:(1) confidentiality: information should be accessible only to persons or systems with appropriate authority, which may require
Operating processes and systems at separate geographic locations may alter a firm's operational risk profile (including by allowing alternative sites for the continuity of operations). A firm should understand the effect of any differences in processes and systems at each of its locations, particularly if they are in different countries, having regard to:(1) the business operating environment of each country (for example, the likelihood and impact of political disruptions or
In
relation to the retention of records for non-MiFID
business, a firm should
have appropriate systems and controls in place with respect to the adequacy
of, access to, and the security of its records so that the firm may
fulfil its regulatory and statutory obligations. With respect to retention
periods, the general principle is that records should be retained for as long
as is relevant for the purposes for which they are made.1