33. Risk management.
An information utility shall establish an appropriate risk management framework in accordance with the Technical Standards, if any, which provides for matters, including-
(a) reliable, recoverable and secure systems;
(b) provision of core services during disasters and emergencies; and
(c) business continuity plans which shall include disaster recovery sites.