RBI Introduces New Directives for Banks and NBFCs on IT Governance and Cyber Security

RBI LAW INSIDER IN

LI Network

Published on: November 09, 2023 at 10:35 IST

The Reserve Bank of India (RBI) has released a comprehensive Master Direction aimed at banks and Non-Banking Financial Companies (NBFCs) concerning Information Technology Governance, Risk, Controls, and Assurance Practices.

These guidelines outline the responsibilities of directors in these regulated entities to ensure the protection of customers’ interests.

These directives consolidate and update previously issued guidelines, instructions, and circulars on IT Governance. They are scheduled to take effect from April 1, 2024.

The guidelines require all regulated entities to maintain vigilance over the following key areas:

  1. ‘Cyber events,’ defined as observable occurrences in an information system that may indicate the presence of a cyber incident.
  2. ‘Cyber security,’ which pertains to safeguarding the confidentiality, integrity, and availability of information through digital means, including attributes like authenticity, accountability, non-repudiation, and reliability.
  3. ‘Cyber incident,’ which refers to any adverse impact on the cyber security of an information asset, whether resulting from malicious activity or other factors.
  4. ‘Cyber-attack,’ encompassing malicious efforts to exploit vulnerabilities in the cyber realm, leading to damage, disruption, or unauthorized access to assets.
  5. ‘De-militarized Zone’ or ‘DMZ,’ a network segment situated between internal and external networks.

The guidelines also define an ‘Information Asset’ as any data, device, or component supporting information-related activities, including information systems, data, hardware, and software.

Foreign banks operating in India are also expected to adhere to these guidelines and engage with the RBI if they need an exemption from specific norms.
