QRC Assurance And Solutions Pvt. Ltd.

RBI Co-Operative Bank IS Audit

RBI Co Operative IS

RBI enhanced the Cyber Security Framework for Urban Cooperative Banks (UCBs), revising its initial release of October 19, 2018. Being a CERT-In Empaneled Security Auditor, QRC helps our clients to understand, manage and comply with periodic releasing RBI Guidelines. The Periodic reviews of the security of the bank’s infrastructure and assets are a must to find out vulnerabilities and security loopholes. Hence, we need to take the appropriate actions to be taken by the Co-Operative Banks to fill the security loopholes and get rid of vulnerabilities.

The following is a quick summary of some of the key points and requirements from the new Cyber Security Framework for Urban Cooperative Banks (UCBs).

Basic Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs)

  • Board approved Cyber Security Policy

  • Cyber Security Policy to be distinct from the IT policy/IS Policy of the UCB

  • IT Architecture/Framework should be security compliant

  • Cyber Crisis Management Plan

  • Organizational Arrangements

  • Cyber Security awareness among Top Management/Board/other concerned parties

  • Ensuring protection of customer information

  • Supervisory reporting framework

Comprehensive Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs)

Level I Requirements

  • Baseline Cyber Security and Resilience Requirement

  • Vendor/Outsourcing Risk Management

Level II Requirements

  • Network Management and Security

  • Secure Configuration

  • Application Security Life Cycle (ASLC)

  • Change Management

  • Periodic Testing

  • User Access Control / Management

  • Authentication Framework for Customers

  • Anti-Phishing

  • Data Leak Prevention Strategy

  • Audit Logs

  • Incident Response and Management

Level III Requirements

  • Network Management and Security

  • Secure Configuration

  • Application Security Life Cycle (ASLC)

  • User Access Control

  • Advanced Real-time Threat Defence and Management

  • Maintenance, Monitoring, and Analysis of Audit Logs

  • Incident Response and Management

  • User / Employee/ Management Awareness

  • Risk based transaction monitoring

Level IV Requirements

  • Arrangement for continuous surveillance – Setting up of Cyber Security Operation Centre (C-SOC)

  • Participation in Cyber Drills

  • Incident Response and Management

  • Forensics and Metrics

  • IT Strategy and Policy

  • IT and IS Governance Framework

  • IT Strategy Committee

  • IT Steering Committee

  • Chief Information Security Officer (CISO)

  • Information Security Committee

  • Audit Committee of Board (ACB)

We help our clients to get an in-depth analysis of the RBI Cyber Security Framework for Cooperative Banks and meet the RBI Cyber Security Guidelines.

Audit Approach:

RBI Co Operative IS

Business Understanding

Evaluating business process and environment to understand the in-scope elements

RBI Co Operative IS

Audit Scope Finalization

Detailed questionnaire is shared with your teams along with other documentation, and evidence is collected on the architecture, implementation and controls.

RBI Co Operative IS

Initial/Readiness Assessment

As per the Cyber Security Framework Urban Cooperative directive, we will conduct an initial audit of all the storage locations which comprise of any payment related data.

RBI Co Operative IS

Risk Assessment

Identifying and analysing the risks in the information security posture.

RBI Co Operative IS

Data Flow Assessment

Conducting thorough systems analysis to evaluate data flow and possible leakages

RBI Co Operative IS

Remediation Support

As per the assessment, and the identification of the payment data, QRC will provide remediation support for complying with the RBI directive on the baseline technology requirement and the security controls.

RBI Co Operative IS

Scans And Testing

Identify critical vulnerabilities in your system with a robust testing approach

RBI Co Operative IS

Evidence Review

Review of the evidence collected to assess their maturity, in line with the compliance

RBI Co Operative IS

Final Audit

Post remediation, we conduct a final audit and review your evidence as identified during the audit. On successful closure, we will share the confirmation letter that all assets defined as per the scope meet the prescribed guidelines.

RBI Co Operative IS

Concise Reporting

Our team documents a comprehensive report detailing all findings covered during the assessment cycle.

frequently asked questions

Yes, RBI Co-operative Bank IS Audit is mandatory for all Co-operative Banks.

Read More

Related Updates




Copyright 2024 @ QRC Assessments Services Pvt. Ltd. | All Rights Reserved.

LinkedIn Facebook Twitter Youtube

We use cookies to enhance your user experience. By continuing to browse, you hereby agree to the use of cookies. Know more Privacy Policy & Cookies Policy.

X