Regulations 33. Risk management.—

An information utility shall establish an appropriate risk management framework in accordance with the Technical Standards, if any, which provides for matters, including-

• (a) reliable, recoverable and secure systems;
• (b) provision of core services during disasters and emergencies; and
• (c) business continuity plans which shall include disaster recovery sites.