Get started
Digital Operational Resilience Notification

Last Updated: 18 June 2026

1. Purpose of this Notification

This Digital Operational Resilience Notification (the “Notification”) is published by Bitpace to provide transparency regarding the principles, governance, and organisational measures applied to ensure the digital operational resilience of its services.

This Notification is intended to support clients, counterparties, and other stakeholders in understanding Bitpace’s approach to managing ICT-related risks and operational disruptions, in line with high standards of operational resilience.

This Notification is provided for transparency and information purpose only and does not constitute advice, a policy, service guarantee, or contractual commitment.

2. Regulatory Environment

The framework for digital operational resilience at Bitpace is structured to align with global industry benchmarks and evolving international expectations. Rather than focusing on specific regional mandates, Bitpace adopts a principle-based approach that ensures its operational tactics are guided by recognised resilience benchmarks that remain robust across various jurisdictions.

We maintain a rigorous oversight process to align our operational methods with leading international standards for digital assets and operational strength. This adaptive framework allows Bitpace to maintain a high level of resilience while remaining flexible to shifts in the global regulatory landscape. Our robust structure includes:

  • Digital Operational Resilience & ICT Asset Frameworks: Active alignment with evolving global guidelines regarding operational resilience in the financial sector and digital asset governance.
  • Global Data Protection Standards: Adoption and application of principles consistent with international data protection frameworks, particularly with those of  the General Data Protection Regulation (EU) 2016/679 (“GDPR”),  and Canada’s Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5 (“PIPEDA”).
  • ISO 27001 Certification: Bitpace has successfully obtained and formally maintains independent certification for ISO 27001, validating that our Information Security Management System (ISMS) meets the highest international security criteria.
  • International Standards: Ongoing alignment with recognised international business continuity frameworks.

Bitpace’s digital operational resilience framework forms an integral part of its broader enterprise risk management and governance structure.

3. Scope of Digital Operational Resilience

For the purposes of this Notification, digital operational resilience refers to Bitpace’s ability to:

  • Prevent, detect, respond to, and recover from ICT-related incidents and operational disruptions;
  • Maintain the continuity and availability of critical business services;
  • Protect the confidentiality, integrity, and availability of data and systems; and
  • Adapt its controls and processes based on evolving risks, incidents, and regulatory expectations.

This scope covers Bitpace’s internally managed ICT systems, cloud-based infrastructure, and relevant third-party service dependencies supporting its regulated activities.

4. Governance and Accountability

Bitpace has established a governance framework that ensures clear accountability for operational resilience.

Key principles include:

  • Management responsibility: Senior management is responsible for overseeing digital operational resilience and ensuring appropriate resources, controls, and escalation mechanisms are in place.
  • Three Lines of Defence model:
    • Business and operational functions own and manage risks;
    • Risk and compliance functions provide independent oversight and challenge;
    • Independent assurance functions provide additional review where applicable.
  • Policy framework: Digital operational resilience principles and our certified ISO/IEC 27001 controls are deeply embedded within Bitpace’s approved internal policies, frameworks, and procedures.

5. CT Risk Management and Information Security

Bitpace applies a risk-based approach to ICT and information security management.

At a high level, this includes:

  • Identification and assessment of ICT-related risks;
  • Preventive, detective, and corrective controls proportionate to the nature and scale of operations;
  • Information security principles addressing confidentiality, integrity, and availability;
  • Access control, secure configuration, and data protection measures;
  • Ongoing monitoring and periodic review of ICT risks.

Specific technical controls and internal security arrangements are not disclosed publicly for security and confidentiality reasons.

6. Incident Management and Communication

Bitpace maintains documented incident management processes designed to:

  • Detect and assess ICT-related incidents;
  • Escalate incidents internally based on impact and severity;
  • Implement containment, remediation, and recovery actions; and
  • Perform post-incident analysis to support continuous improvement.

Where appropriate and required, Bitpace communicates with affected clients and competent authorities in accordance with applicable regulatory and contractual obligations. Bitpace will notify affected clients of major ICT incidents that have a significant impact on their financial interests without undue delay. Such notifications will include information on the incident and the measures taken to mitigate its effects.

7. Business Continuity and Disaster Recovery

Bitpace has established Business Continuity and Disaster Recovery arrangements designed to support the continuity of critical business services in the event of disruptions.
These arrangements are designed to:

  • Support continued operations during adverse events;
  • Enable timely recovery of systems and services;
  • Consider dependencies on personnel, facilities, ICT systems, and third-party providers;
  • Be periodically tested and reviewed.

Business continuity planning forms part of Bitpace’s broader operational resilience framework and is proportionate to its business model and risk profile.

8. Third-Party and Outsourcing Resilience

Bitpace relies on a combination of internal resources and third-party service providers to support its operations.

In this context, Bitpace applies:

  • Due diligence and risk-based assessment of material third-party arrangements;
  • Contractual and governance measures to support operational resilience;
  • Ongoing oversight of critical dependencies.

Bitpace prioritises the use of EU-based data centres for its critical infrastructure. Our primary hosting environment is maintained within the European Economic Area (EEA), ensuring compliance with stringent EU data protection standards and jurisdictional resilience requirements.
The use of third-party providers does not transfer Bitpace’s regulatory or operational accountability.

9. Testing, Review, and Continuous Improvement

Bitpace’s operational resilience arrangements are subject to a rigorous cycle of validation and enhancement:

  • Periodic Testing: Bitpace conducts scenario-based exercises and digital operational resilience testing at least annually for all critical ICT systems. These tests ensure that our recovery protocols are effective and that our staff is prepared for diverse disruption scenarios.
  • Regular Reviews: Our resilience framework undergoes comprehensive reviews as part of our standard risk management and governance processes.
  • Dynamic Updates: We update our policies and technical controls following any material incidents, significant changes to our operations, or new regulatory developments.

Lessons learned from both real-world incidents and simulation drills are systematically incorporated into the continuous enhancement of our security controls and operational processes.

10. Relationship with Bitpace Standard Terms and Conditions

This Notification is intended to be read alongside, but not to modify or override, Bitpace’s Standard Terms of Business (“Standard Terms”) and related contractual documentation. It does not create any new contractual rights or obligations.

In particular, but not limited to:

  • Services are provided on an “as is” and “as available” basis, as set out in the Standard Terms;
  • Bitpace does not guarantee uninterrupted or error-free service availability;
  • Liability, force majeure, and service availability provisions remain governed exclusively by the applicable contractual terms.

11. Important Disclaimer

This Notification is provided for transparency and informational purposes only.

It does not constitute and should not be interpreted as, among others:

  • A warranty or representation regarding service availability or performance.
  • A formal or contractual service level agreement (SLA).
  • A disclosure of security-sensitive or confidential information.
  • Any form of advice.
  • A notification intended for reliance.
  • An offer or invitation to utilise Bitpace’s services.

Bitpace reserves the right to periodically amend, remove, or replace this Notification. Such changes may occur to address evolving business requirements, changes in regulatory obligations, or shifts in the risk environment.

*** 

For reference, the preceding iteration of this Digital Operational Resilience Notification was published on this website on February 13, 2026. This information is provided for reference.