IA-1.1.6

Insurance aggregators must maintain an up-to-date security policy document containing the following information:

a) a detailed documentation of the technology architecture and of the systems and the network elements providing:
i. description of the business IT systems supporting the business activities;
ii. the type of authorised connections from outside, such as with partners, service providers, entities of the group and employees working remotely, including the rationale for such connections;
iii. for each of the connections, the logical security measures and mechanisms in place, specifying the control the licensee will have over such access as well as the nature and frequency of each control;
iv. process for the opening/closing of communication lines, and description of security equipment configuration, generation of keys or client authentication certificates, system monitoring, authentication, confidentiality of communication, intrusion detection, antivirus systems and logs;
b) the logical security measures and mechanisms that govern the internal access to IT systems;
c) the physical security measures and mechanisms of the premises and the data centre of the licensee, such as access controls and environmental security;
d) the security of the customer payment processes; and
e) ensure that the information systems (both hardware and software), including the aggregation website(s)/portals, Proposal Management System and the Data Centers hosting the website(s)/Portal(s)/Proposal Management System, are in compliance with the Cyber Security rules stipulated in Section RM-9.
October 2019