• OM-6.2 Internet Security for all Banks

    • OM-6.2.1

      All banks providing internet banking services must regularly test their systems against security breaches and verify the robustness of the security controls in place. These tests must be conducted by security professionals, such as ethical hackers, who provide penetration testing services and a vulnerability assessment of the system. The tests must be undertaken by external independent parties that are neither employees of the bank nor associated with it.

      Amended: April 2016
      Amended: October 2013
      Added: October 2011

    • OM-6.2.2

      The penetration testing referred to in Paragraph OM-6.2.1 must be conducted each year in June and December.

      Amended: July 2013
      Amended: April 2012
      Added: October 2011

    • OM-6.2.3

      The vulnerability assessment report, along with the steps taken to mitigate the risks, must be maintained by the bank for a 5-year period from the date of testing and must be provided to the CBB within two months following the end of the month in which the testing took place, i.e. for the June test, the report must be submitted by 31st August at the latest, and for the December test, by 28th February (see Section BR-4A.2).

      Amended: July 2013
      Added: October 2011