SCPERF01-BP01 Use internal and external risk to determine performance requirements
External regulatory or supplier systems, as well as internal risk requirements, are often a good place to start for performance requirements. For certain systems, regulators release sector-wide guidance and data residency rules and regulators require that system have the capability to deliver on the operational resilience and the performance targets they have set for themselves.
Desired outcome: You can achieve best end-user performance irrespective of the data residency rules due to the regulatory requirements.
Benefits of establishing this best practice: Low latency, best end-user experience, and low risk of violating data regulations.
Level of risk exposed if this best practice is not established: High
Implementation guidance
External regulatory or supplier systems, as well as internal risk requirements, are often a good place to start for performance requirements. For certain systems, regulators release sector-wide guidance and data residency rules and regulators require that system have the capability to deliver on the operational resilience and the performance targets they have set for themselves. If the systems update the supplier database or connected to their network to pull data, the performance targets should be taken into consideration.
Implementation steps
-
Identify all relevant regulatory requirements and data residency rules that apply to your supply chain systems.
-
Analyze supplier system performance requirements and integration points that may impact overall system performance.
-
Establish performance baselines based on regulatory guidance and internal risk assessments.
-
Define performance targets that balance compliance requirements with operational efficiency.
-
Implement monitoring and alerting systems to track performance against established targets.
-
Regularly review and update performance requirements as regulations and business needs evolve.