IS Audit (RBI) Guidelines

Overview: IS Audit (RBI) Guidelines Security Audit for NBFC Sector

The banking sector is one of the most vulnerable sectors in terms of cyber threats and attacks. Annually, 6 out of 10 people report that their data has been compromised by a loan service. For this reason, RBI in its master directions has issued a directive for all NBFCs to conduct an IT audit and get attested by RBI under the RBI IS Audit.

Methodology

The IS Audit is conducted per the Terms of Reference (TOR) and regulations outlined by the ICAI, RBI, and pertinent authorities. The NBFC, along with the external auditor, should set an audit plan along with the scope of the current and previous audits if it wants to have an audit performed. Once they obtain a plan of action for the IS Audit, the auditors will check the network systems and work environment against security controls, network controls, access controls, and electronic document controls.

NBFCs with more than 500 crores - The IT framework requirement would include IT Governance, operations, Business Continuity Planning and Disaster Recovery, IT service Outsourcing.

NBFCs with less than 500 crores - The IT framework needed would involve data backup and testing, having a well-defined function in the IT system, filing regulatory returns with the RBI, and generating crucial financial reports for top management...

Why do organizations need it?

The goal of information security is to limit access to sensitive data. NBFCs must have a comprehensive information security policy that includes the following essential principles:

Confidentiality

Ensuring access to sensitive data to authorized users only.

Integrity

Assuring information accuracy and reliability by preventing.

Availability

Make sure that users have access to data whenever they need it.

Authenticity

It is vital for Information Security to ensure that data, transactions.

Our Approach

All the information and understandings are compiled in a well-documented scope, objective and criteria, determining the boundaries and applicability of the RBI IS Audit, with reference to the pain points and the requirements of the stakeholders. The scope encompasses the work systems, the number of departments and the location of the organization.

To understand data flow in your business, we review your Information Security Policies that are to be updated considering the ever-changing Information Security needs. Evidence is requested on the architecture, implementation, and controls. The organization's policies, procedures, and other documentation are further assessed.

An initial audit is performed to understand the organization's infrastructure and to assist our clients in identifying evidence for all audit points. Wherever possible, options for improvement are offered once these gaps are identified.

Kratikal will give appropriate recommendations for compliance with the RBI Mandate based on the evaluation results and data identification.

Kratikal will review your evidence on the closing of the Action phase as indicated during the audit after we complete the assessment and remediation. Upon successful closure of the identified issues, we will submit an audit report.

Benefits

  • CERT-In empanelled
  • NBFC audit
  • Qualified experts

Clients

  • Convin
  • Finbit
  • Kogta
  • Procap
  • Square Yards
  • Suco Bank

FAQs

What are the necessary requirements to be met for NBFCs above 500 crores?
  • IT Governance
  • IT Policy
  • Information and Cyber Security
  • IS Audit
  • IT Services Outsourcing

    Every NBFC must register with the RBI before starting or carrying on any non-banking financial institution business.

    Systemically important NBFCs are those with assets of Rs 500 crore or more as of their most recent audited balance sheet.
