This notice applies to all operators and settlement institutions of designated payment systems.
It sets out requirements for a high level of reliability, availability and recoverability of critical IT systems and for such entities to implement IT controls to protect customer information from unauthorised access or disclosure.