OM-6.6 Cyber Security Measures
OM-6.6.1
Clear ownership and management accountability of the risks associated with cyber attacks and related risk management must be established, which cover not only the IT function but also all relevant business lines. Cyber security must be made part of the licensee IT security policy.
Added: October 2016
OM-6.6.2
The Board and senior management must ensure that the cyber security controls are periodically evaluated for adequacy, taking into account emerging cyber threats and establishing a credible benchmark of cyber security controls endorsed by the Board and senior management. Should material gaps be identified, the Board and senior management must ensure that corrective action is taken immediately.
Added: October 2016
OM-6.6.3
Licensees must report to the CBB within one week any instances of cyber attacks, whether internal or external, that compromise customer information or disrupt critical services that affect their operations. When reporting such instances, licensees must provide the root cause analysis of the cyber attack and measures taken by them to ensure that similar events do not recur.
Added: October 2016