IT governance rules: RBI releases draft guidelines for regulated entities

The framework will specify the role and responsibilities of the board of directors and the senior management of the entity.

BS Reporter
Last Updated: Oct 20 2022 | 10:05 PM IST

The Reserve Bank of India (RBI) on Thursday released a draft master direction on information technology (IT) governance for all regulated entities, which will mandate them to put in place a robust IT governance framework, consisting of governance structures and processes necessary for them to meet their business objectives.

The framework will specify the role and responsibilities of the board of directors and the senior management of the entity. It will also have to include adequate oversight mechanisms to ensure accountability and mitigation of business risks.

“The key focus areas of IT governance shall include strategic alignment, value delivery, risk management, resource management, performance management and business continuity/ disaster recovery management,” the RBI said.

The RBI is going to ask the regulated entities to establish a board-level IT strategy committee, which will have a minimum of two directors as members, and at least one of them must have substantial expertise in managing/guiding technology initiatives. This committee will ensure that the entity has put in place an effective IT strategic planning process.

According to the RBI, the chief executive officer of the regulated entity will have overall responsibility for, and must institute effective oversight of, the planning and execution of the IT strategy. He will also be in charge of putting in place appropriate mechanisms to ensure that IT/IS and their support infrastructure function effectively and efficiently; that the cyber security posture of the regulated entity (RE) is robust; and that, overall, IT contributes to productivity, effectiveness and efficiency in business operations.

Furthermore, the regulated entities have to institute an IT steering committee, with the objective of assisting the board and the IT strategy committee in IT strategic planning and oversight.

The regulated entities will also have to appoint a head of IT operations who is technically competent and experienced in IT-related aspects. The person will be responsible for ensuring implementation of the IT policy, IT strategy and vision of the regulated entity, among a host of other things such as putting in place a documented IT standard operating procedure.

“A periodic assessment of the training requirements for human resources shall be made to ensure that sufficient, competent, and capable human resources are available. Regulated entities shall have a documented training plan/ programme for periodic training/ awareness workshops for the members of its board, senior management, CxOs, members of the IT function and other employees on aspects pertaining to IT and Information Security”, RBI said.
