Regulatory Compliance

RBI Guidelines

Q: What are NBFCs Assets above 500 crore?

a) TIT Governance b) IT Policy c) Information and Cyber Security d) IS Audit e) IT Services Outsourcing

Overview
Methodology
Purpose
Our Approach
Benefits
Clients
FAQs

Overview : RBI Guidelines Security Audit for NBFC Sector

In India, Non-Banking Finance Corporations (NBFCs) are regarded as important players in the economy. The demand for Information Technology (IT), Information Security Framework, and IT Audit has evolved as the country develops and matures over time. To ensure the safety and security of the NBFCs and their consumers, NBFCs are expected to improve security measures. On a regular basis, a CERT-IN empanelled institution must perform an annual information Security Audit. Data security, audit control, corporate governance, risk management, and other terms and conditions of the license will be followed by the NBFC. While proceeding with the NBFC sector, which includes cyber security and information audits, and more, the RBI published new updated information related to information technology framework.Read continue...

Methodology

The RBI has established a standardized framework for information and cyber security, as well as a governance structure to ensure that all security issues are to be addressed on a regular basis. The main purpose is to establish universally applicable standards and procedures. The Reserve Bank of India (RBI) released a Master Direction on IT Framework to achieve the necessary security practices by the NBFCs. There are two parts to the direction:

NBFCs with more than 500 crores - The IT framework requirement would include IT Governance, operations, Business Continuity Planning and Disaster Recovery, IT service Outsourcing.

NBFCs with less than 500 crores - The IT framework needed would involve data backup and testing, having a well-defined function in the IT system, filing regulatory returns with the RBI, and generating crucial financial reports for top management and Read More

Why do organizations need it?

The goal of information security is to limit the access to sensitive data. NBFCs must have a comprehensive information security
policy that includes the following essential principles:

Confidentiality

Ensuring access to sensitive data to authorized users only.

Integrity

Assuring information accuracy and reliability by preventing.

Availability

Make sure that users have access to data whenever they need it.

Authenticity

It is vital for Information Security to ensure that data, transactions.

Our Approach

To understand data flow in your business, we review your Information Security Policies that are to be updated considering the ever-changing Information Security needs. Evidence is requested on the architecture, implementation, and controls. The organization's policies, procedures, and other documentation are further assessed.

Gathering of Information

Audit

An initial audit to understand the organization's infrastructure and to assist our clients in identifying evidence for all audit points Wherever possible, options for improvement are offered once these gaps are identified.

Recommendations

Kratikal will give appropriate recommendations for compliance with the RBI Mandate based on the evaluation results and data identification.

Audit Report

Kratikal will review your evidence on the closing of the Action phase as indicated during the audit after we complete the assessment and remediation.Upon Successful closure of the identified issues, we will submit an audit report.