Follow on Google News
News By Tag
News By Location
Follow on Google News
RBI publishes rigorous IT governance guidelines effective from April 2024 for banks and NBFCs
By: SIS Certifications
This most recent set of instructions states that "REs (regulated entities) shall put in place a robust IT Service Management Framework for supporting their information systems and infrastructure to ensure the operational resilience of their entire IT environment,"
"The policy shall, inter alia, contain provisions about signoffs from business users and application owners at each stage of migration, maintenance of audit trails, etc," according to the RBI.
According to the statement, any IT program that has the potential to access or modify sensitive or important data must have the required system logging and auditing capabilities, as well as audit trails. About cryptographic restrictions, it said that strong key lengths, algorithms, cipher suites, and relevant protocols should be utilized in transmission channels, data processing, and authentication.
REs must apply established, globally recognized standards that have not been deemed outdated, insecure, or vulnerable, and the configurations used to put these controls in place must adhere to current legal requirements and regulatory guidelines.
According to the guidelines, risks linked to IT, including cyber security, should be covered by the RE's risk management policy. The risk management committee of the board (RMCB) is responsible for reviewing and updating this policy on an annual or more frequent basis.
The central bank added that to determine the severity, effect, and underlying cause of cyber events, REs should analyze them. It went on to say that they ought to take remedial and preventative action to lessen the negative effects of accidents on company operations.
SIS Certifications is one of the most trusted certification bodies. Our journey started in 2010 and since then we have grown to cater to more than 15,000 clients across more than 55 countries and counting. We are accredited by both International Accreditation Services (IAS) and United Accreditation Foundation (UAF) Services.
If you would like more information about this topic please contact Mr Arunendra Dvivedi