• Cyber Security Strategy

    • OM-5.5.13

      A bank-wide cyber security strategy must be defined and documented to include:

      a) The position and importance of cyber security at the licensee;
      b) The primary cyber security threats and challenges facing the licensee;
      c) The licensee’s approach to cyber security risk management;
      d) The key elements of the cyber security strategy including objectives, principles of operation and implementation approach;
      e) Scope of risk identification and assessment, which must include the dependencies on third party service providers;
      f) Approach to planning response and recovery activities; and
      g) Approach to communication with internal and external stakeholders including sharing of information on identified threats and other intelligence among industry participants.
      Added: July 2021

      • OM-5.5.14

        The cyber security strategy should be communicated to the relevant stakeholders and it should be revised as necessary and, at least, once every three years. Appendix C provides cyber security control guidelines that can be used as reference to support the licensee’s cyber security strategy and cyber security policy.

        Added: July 2021