 "Secure info systems, RBI tells banks")
In the wake of increasing cyber attacks, Reserve Bank of India (RBI) on wednesday asked banks to test their information systems (IS) and check their robustness periodically.
RBI has also asked the banks to put in place appropriate business continuity plans (BCPs) and test them periodically. These ISs should also be subjected to vulnerability assessment and penetration testing (VAPT).
A BCP document should cover policies, standards and procedures to ensure continuity, resumption and recovery of critical business processes and limit the impact of any disaster on people, processes and infrastructure (including information technology). The document should also contain steps taken to minimise the operational, financial, legal, reputational and other material consequences arising from such a disaster, the central bank said.
RBI also asked banks to conduct disaster recovery drills to test their internal IT systems to handle unforeseen disruptions.
Also, in the view of increasing cyber attacks, VAPT should be conducted periodically, RBI said. The banks should prepare documents detailing cyber attacks and ensure gaps identified from the tests are plugged in a timely manner.
Further, RBI said policies governing security of ISs might be discussed and approved at the board level and updated from time-to-time. A certificate confirming the approval of the policies should be submitted to RBI, it said. It might be inspected during annual financial inspection of banks, the banking regulator said.
RBI has also asked the banks to put in place appropriate business continuity plans (BCPs) and test them periodically. These ISs should also be subjected to vulnerability assessment and penetration testing (VAPT).
A BCP document should cover policies, standards and procedures to ensure continuity, resumption and recovery of critical business processes and limit the impact of any disaster on people, processes and infrastructure (including information technology). The document should also contain steps taken to minimise the operational, financial, legal, reputational and other material consequences arising from such a disaster, the central bank said.
RBI also asked banks to conduct disaster recovery drills to test their internal IT systems to handle unforeseen disruptions.
Also, in the view of increasing cyber attacks, VAPT should be conducted periodically, RBI said. The banks should prepare documents detailing cyber attacks and ensure gaps identified from the tests are plugged in a timely manner.
Further, RBI said policies governing security of ISs might be discussed and approved at the board level and updated from time-to-time. A certificate confirming the approval of the policies should be submitted to RBI, it said. It might be inspected during annual financial inspection of banks, the banking regulator said.
You’ve reached your limit of {{free_limit}} free articles this month.
Subscribe now for unlimited access.
Already subscribed? Log in
Subscribe to read the full story →*Subscribe to Business Standard digital and get complimentary access to The New York Times
Smart Quarterly
₹900
3 Months
₹300/Month
SAVE 25%
Smart Essential
₹2,700
1 Year
₹225/Month
SAVE 46%
*Complimentary New York Times access for the 2nd year will be given after 12 months
Super Saver
₹3,900
2 Years
₹162/Month
Subscribe
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app
SAVE 25%