A Bank must establish appropriate information technology policies and processes to identify, assess, monitor and manage technology risks.
A Bank must have appropriate information technology infrastructure to meet its current and projected business requirements under normal circumstances and in periods of stress. This infrastructure must ensure data and system integrity, security and availability and support integrated and comprehensive risk management.