Versions

 

CM-1.2.6

All CRB members must meet the following requirements and incorporate them into their policies and procedures:

a) Establish an electronic monitoring system to detect, monitor and maintain records and a log of all access to CRB data by the CRB member’s employees;
b) Conduct a monthly internal audit on the access logs to identify unauthorised access to CRB data by any employee without securing customer consent and report to the CBB any observed violation of Article 68(bis(2)) of CBB Law;
c) Require the sign off of a CRB member’s designated employee on their legal obligations concerning the confidentiality of CRB data and that any violation of Article 68(bis(2)) of CBB Law would subject them to an enforcement action in accordance with CBB Law; and
d) Cover compliance with the above requirements in the performance appraisal of relevant employees.
Added: July 2020