This report was submitted by the working group created by the RBI to address the issues on information security, electronic banking, technology risk management and cyber fraud.

The report is divided into different chapters and each chapter include introduction, associated roles and responsibilities and the desired control recommendations from the RBI for banks to implement compulsorily.

The report covered 3 topics in-depth:

  • Governance
  • IT Operations
  • IT Outsourcing

Objectives of the working group:

Provide recommendations with respect to information security in order to comprehensively provide for a broad framework to mitigate present internal and external threats to banks

  • Provide recommendations for effective and comprehensive Information Security Audit related processes to provide assurance on the level of IT risks.

  • Identify measures to improve Business Continuity and disaster recovery related processes in banks.

  • Assess the impact of legal risks arising out of cyber laws, the need for any specific legislation relating to data protection and privacy