Regulation Overview
The Guideline on ICT Security applies to Banks, Non-bank Financial Institutions (NBFI), Mobile Financial Service Providers (MFSP), Payment Service Providers (PSP), Payment System Operators (PSO), White Label ATMs and Merchant Acquirers (WLAMA), and other financial service providers regulated by Bangladesh Bank.
This Revised ICT Guideline defines minimum control requirements to which each organization must adhere. The primary objectives of the Guideline are to:
- Establish ICT Governance in the Financial Sector
- Help Organizations develop their own ICT Security Policy
- Establish a standard ICT Security Management approach
- Help Organizations develop secure and reliable ICT infrastructure
- Establish a secure environment for the processing of data
- Establish a holistic approach to ICT Risk management
- Establish a procedure for Business Impact Analysis in conjunction with ICT Risk Management
- Develop awareness of stakeholders’ roles and responsibilities for the protection of information
- Prioritize information and ICT systems and associated risks that need to be mitigated
- Establish an appropriate project management approach for ICT projects
- Ensure industry-standard best practices in the use of technology
- Develop a framework for timely and effective handling of operation and information security incidents
- Mitigate any interruption to business activities, protect critical business processes from the effects of significant information system failures or disasters, and ensure timely resumption
- Define necessary controls required to protect data transmitted over communication networks
- Ensure that security is integrated throughout the lifecycle of information system acquisitions, development and maintenance
- Minimize security risks for electronic banking infrastructure, including ATM and POS devices, payment cards, internet banking, mobile financial services, etc.
- Build awareness and train the users associated with ICT activities for achieving the business objectives
- Foster safe and secure usage of emerging technologies.
Detailed requirements are outlined in 13 chapters.