Back Custom print Link Text Only Rich Text Print

  • Incident Reporting to CBB

    • GR-12.2.59

      Upon occurrence or detection of any cyber security incident, whether internal or external, that compromises customer information or disrupts critical services that affect operations, licensees must contact the CBB, immediately (within one hour), on 17547477 and submit Section A of the Cyber Security Incident Report (Appendix RM-1) to CBB’s cyber incident reporting email, incident.ancillary@cbb.gov.bh (for Ancillary Service Providers) or incident.tpa@cbb.gov.bh (for TPAs), within two hours.

      Amended: April 2022
      Added: January 2022

    • GR-12.2.60

      Following the submission referred to in Paragraph GR-12.2.59, the licensee must submit to CBB Section B of the Cyber Security Incident Report (Appendix RM-1) within 10 calendar days of the occurrence of the cyber security incident. Licensees must include all relevant details in the report, including the full root cause analysis of the cyber security incident, its impact on the business operations and customers, and all measures taken by the licensee to stop the attack, mitigate its impact and to ensure that similar events do not recur. In addition, a weekly progress update must be submitted to CBB until the incident is fully resolved.

      Amended: April 2022
      Added: January 2022

    • GR-12.2.61

      With regards to the submission requirement mentioned in Paragraph GR-12.2.60, the licensee should submit the report with as much information as possible even if all the details have not been obtained yet.

      Added: January 2022