Master Direction Draft On Information Technology Governance Risk Controls
This document is neither a legal interpretation nor a statement of the RBI's directive. All information is posted merely for educational
and informational purposes. It is not intended as a substitute for professional advice. Should you decide to act upon any information in
this document, you do so at your own risk.
ABOUT US
The Digital Fifth is India’s first
Amongst the largest players in this segment in Asia
Requirement of the Unified IT Master Direction
for Regulated Entities
• Scheduled Commercial Banks (excluding Regional Rural Banks)
• Small Finance Banks
• Payments Banks
• All NBFCs in Top, Upper and Middle Layers
• All India Financial Institutions (NHB, NABARD, EXIM Bank, SIDBI & NaBFID)
• Credit Information Companies
Applicable Date
Directions will come into effect six months from the date of issue
Focus on 7 Domains
The RBI Master Direction covers 7 different domains,
comprehensively highlighting the policies, frameworks and controls
that need to be put in place
RBI Master Direction: 7 Chapters
• Supporting IT systems to ensure the operational resilience of the entire IT
• Annual Maintenance Contract
• Appropriate vendor risk assessment and controls proportionate to the risk and materiality assessed
• Ensuring that source code for all critical applications is received from the vendors, or that a software escrow arrangement is in place
• Adoption of new/emerging technologies or revamping the existing ones
• Major projects with significant impact on the RE’s risk profile must be reported to the IT Strategy Committee
All previous guidelines/circulars/directions covering the following topics have been repealed:
• Risks and Control in Computer and Telecommunication Systems
• Information System Audit – A Review of Policies and Practices
• Operational Risk Management – Business Continuity Planning
• Business Continuity/Disaster Recovery Planning
• Phishing Attacks
• Disaster Recovery (DR) drill and Vulnerability Assessment – Penetration Testing (VAPT)
• Sharing of Information Technology Resources by Banks – Guidelines
• Information Security
• Security Incident Tracking Platform - Reporting thereon
• Risk Governance Framework-Role of Chief Information Security Officer (CISO)
Two major circulars have been kept outside the scope of the RBI IT Master Direction:
• Draft Master Direction on Outsourcing of Information Technology (IT) Services
• RBI Guidelines on Cyber Security
Impact
Services
• Gap Assessment – Assessing Gaps against the
standard RBI guidelines/directions/regulations
• Development of Policy and procedures and
Implementing Policy Control Measures and
Mechanisms
• Governance & Risk Management Framework
• Implementation of ISO Standards such as ISO
22301 & ISO 27001
• RBI Audit Preparedness and Compliance
Management/Review
Stay Connected
Kindly reach out to us with your valuable feedback!
shashank@thedigitalfifth.com TheDigitalFifth.com
linkedin.com/company/thedigitalfifth twitter.com/thedigitalfifth