Information security to be ensured differently in Kazakhstan’s banks
Baku, Azerbaijan, Aug. 28
The National Bank of Kazakhstan has developed a cybersecurity strategy for the financial sector for 2018-2022, "Kursiv" reported.
New rules are being introduced within the framework of this project. On the one hand they will complicate life for bankers, and on the other they will ensure the safety of customers.
The new rules of the National Bank for information security in banks and organizations providing certain financial services will come into force on December 1 this year.
"One of the main innovations is that the National Bank requires banks to have information security management systems. This refers to the presence of compliance with certain requirements. Banks are expected to have certain procedures, policies, and regulatory actions to maintain information security management systems," said Boris Mazets, Senior Manager at PwC Kazakhstan.
Now the board of directors, management board, risk management department, human resources department, compliance control department and legal department will be responsible for compliance with the rules and requirements of information security.
"An important point is the creation of a collegial body. What does that imply? There must be a certain body, certain procedures of that body. The staff responsible for information security should come together and all meetings should be on the record. Once a quarter, this body should meet to assess the risks, I think," Mazets said.
The rules regulate the introduction of certain procedures for incident management and notification about incidents by the National Bank. In addition, according to the new requirements of the National Bank, all information about incidents should be stored for at least 5 years.
"It is required to ensure functioning of the information security department separately from the IT department. The information security department must be subordinated to a member of the board who does not manage the IT department. They can be supervised by any security service, or the chairman of the board of a second-tier bank," Mazets explained.