RBI publishes rigorous IT governance guidelines effective from April 2024 for banks and NBFCs

GURUGRAM, India - Feb. 12, 2024 - PRLog -- SIS Certifications is keen to inform you all that RBI has issued comprehensive IT governance guidelines for banks and NBFCs which will be effective April 2024. According to the central bank's 26-page master directives, their main focuses will be "strategic alignment, risk, resource and performance management, and business continuity or disaster recovery management." Local area banks and NBFC-core investment businesses would not be covered by these guidelines. These guidelines will take effect on April 1st, 2024.

This most recent set of instructions states that "REs (regulated entities) shall put in place a robust IT Service Management Framework for supporting their information systems and infrastructure to ensure the operational resilience of their entire IT environment," It further said that for the purpose to ensure data integrity, consistency, and completeness during the transfer process, REs needed to have a defined data migration policy.

"The policy shall, inter alia, contain provisions about signoffs from business users and application owners at each stage of migration, maintenance of audit trails, etc," according to the RBI.

According to the statement, any IT program that has the potential to access or modify sensitive or important data must have the required system logging and auditing capabilities, as well as audit trails. About cryptographic restrictions, it said that strong key lengths, algorithms, cipher suites, and relevant protocols should be utilized in transmission channels, data processing, and authentication.

REs must apply established, globally recognized standards that have not been deemed outdated, insecure, or vulnerable, and the configurations used to put these controls in place must adhere to current legal requirements and regulatory guidelines.

According to the guidelines, risks linked to IT, including cyber security, should be covered by the RE's risk management policy. The risk management committee of the board (RMCB) is responsible for reviewing and updating this policy on an annual or more frequent basis.

The central bank added that to determine the severity, effect, and underlying cause of cyber events, REs should analyze them. It went on to say that they ought to take remedial and preventative action to lessen the negative effects of accidents on company operations.

SIS Certifications is one of the most trusted certification bodies. Our journey started in 2010 and since then we have grown to cater to more than 15,000 clients across more than 55 countries and counting. We are accredited by both International Accreditation Services (IAS) and United Accreditation Foundation (UAF) Services.

If you would like more information about this topic please contact Mr Arunendra Dvivedi

+91 8860610495

support@siscertifications.com

https://www.siscertifications.com/