In India, Non-Banking Finance Corporations (NBFCs) are regarded as important players in the economy. The demand for Information Technology (IT), an Information Security Framework, and IT Audit has evolved as the country develops and matures over time. To ensure the safety and security of NBFCs and their consumers, NBFCs are expected to improve security measures. A CERT-IN empanelled institution must perform an annual Information Security Audit. The NBFC will follow data security, audit control, corporate governance, risk management, and the other terms and conditions of the license. For the NBFC sector, covering cyber security, information audits, and more, the RBI has published updated information related to the information technology framework.
The RBI has established a standardized framework for information and cyber security, as well as a governance structure to ensure that all security issues are addressed on a regular basis. The main purpose is to establish universally applicable standards and procedures. The Reserve Bank of India (RBI) released a Master Direction on IT Framework so that NBFCs achieve the necessary security practices. There are two parts to the direction:
NBFCs with more than 500 crores - The IT framework requirement would include IT Governance, operations, Business Continuity Planning and Disaster Recovery, and IT Service Outsourcing.
NBFCs with less than 500 crores - The IT framework needed would involve data backup and testing, having a well-defined function in the IT system, filing regulatory returns with the RBI, and generating crucial financial reports for top management and
The goal of information security is to limit access to sensitive data. NBFCs must have a comprehensive information security policy that includes the following essential principles:
Confidentiality
Ensuring that only authorized users have access to sensitive data.
Integrity
Assuring information accuracy and reliability by preventing.
Availability
Making sure that users have access to data whenever they need it.
Authenticity
It is vital for Information Security to ensure that data, transactions.
To understand data flow in your business, we review your Information Security Policies that are to be updated considering the ever-changing Information Security needs. Evidence is requested on the architecture, implementation, and controls. The organization's policies, procedures, and other documentation are further assessed.
An initial audit is performed to understand the organization's infrastructure and to assist our clients in identifying evidence for all audit points. Wherever possible, options for improvement are offered once these gaps are identified.
Kratikal will give appropriate recommendations for compliance with the RBI Mandate based on the evaluation results and data identification.
After we complete the assessment and remediation, Kratikal will review your evidence on the closing of the Action phase as indicated during the audit. Upon successful closure of the identified issues, we will submit an audit report.
a) IT Governance
b) IT Policy
c) Information and Cyber Security
d) IS Audit
e) IT Services Outsourcing
Every NBFC must register with the RBI before starting or carrying on any non-banking financial institution business.
Systemically important NBFCs are those with assets of Rs 500 crore or more as of their most recent audited balance sheet.