The RBI has introduced a comprehensive Master Direction for banks and NBFCs regarding Information Technology Governance, Risk, Controls, and Assurance Practices. This directive outlines the responsibilities of Directors in safeguarding customer interests and consolidates and updates previous IT Governance guidelines. 

Effective from April 1, 2024, these guidelines require regulated entities to closely monitor-

‘Cyber events’ – Observable incidents in information systems that may indicate cyber incidents.
‘Cyber security’ – Preserving information integrity and availability in the cyber realm, including properties like authenticity and reliability.
‘Cyber incident’ – Any cyber event negatively impacting information asset security, whether due to malicious activities or not.
‘Cyber-attack’ – Malicious attempts through cyber means to exploit vulnerabilities and gain unauthorized access.
‘De-militarized Zone’ or ‘DMZ’ – A network segment situated between internal and external networks.
‘Information Asset’ – Data, devices, or components supporting information-related activities, encompassing information systems, data, hardware, and software.

Exciting news! We’re now on WhatsApp Channels too.  Subscribe today by clicking the link and stay updated with the latest insights in the startup ecosystem! Click here!

Foreign banks in India must adhere to these guidelines and engage with the RBI for exemptions from specific norms if needed.

The RBI has introduced a comprehensive Master Direction for banks and NBFCs regarding Information Technology Governance, Risk, Controls, and Assurance Practices. This directive outlines the responsibilities of Directors in safeguarding customer interests and consolidates and updates previous IT Governance guidelines. 

Effective from April 1, 2024, these guidelines require regulated entities to closely monitor-

‘Cyber events’ – Observable incidents in information systems that may indicate cyber incidents.
‘Cyber security’ – Preserving information integrity and availability in the cyber realm, including properties like authenticity and reliability.
‘Cyber incident’ – Any cyber event negatively impacting information asset security, whether due to malicious activities or not.
‘Cyber-attack’ – Malicious attempts through cyber means to exploit vulnerabilities and gain unauthorized access.
‘De-militarized Zone’ or ‘DMZ’ – A network segment situated between internal and external networks.
‘Information Asset’ – Data, devices, or components supporting information-related activities, encompassing information systems, data, hardware, and software.

Exciting news! We’re now on WhatsApp Channels too.  Subscribe today by clicking the link and stay updated with the latest insights in the startup ecosystem! Click here!

Foreign banks in India must adhere to these guidelines and engage with the RBI for exemptions from specific norms if needed.