logotype
RBI Guidelines for Cyber Security in the NBFC Sector
Home RBI Guidelines for Cyber Security in the NBFC Sector

RBI Guidelines for Cyber Security in the NBFC Sector

The Reserve Bank of India (RBI) has issued guidelines for cyber security in the NBFC sector to help non-banking financial companies (NBFCs) protect their information systems and data from cyber threats. The guidelines cover a wide range of topics, RNR, as a CERT-In Empaneled Security Auditor, is licensed to assist you in understanding, managing, and complying with RBI Guidelines & Circulars that are issued on a regular basis. The RBI announced new guidelines for the Information Technology Framework for the NBFC Sector on June 8, 2017, which include specific provisions and regulations regarding information and cyber security, IT audit, business continuity planning, and so on.

The following is an overview of some of the important principles and requirements from the RBI Guidelines for NBFC Cyber Security.

As an authorized CERT-In Empanelled Security Auditor, RNR can assist you in understanding, managing, and complying with the RBI Guidelines & Circulars that are periodically released. On June 08, 2017, the RBI released new guidelines for the NBFC Sector’s Information Technology Framework, which includes specific requirements related to Information and Cyber Security, IT Audit, Business Continuity Planning, and more. Here is a brief summary of some key points and requirements from the RBI Guidelines for Cyber Security in the NBFC Sector. To learn more about the RBI Guidelines and how RNR can help you adhere to RBI’s mandates, you can download our Whitepaper.

Information Security

  • Identification and Classification of Information Assets
  • Segregation of functions
  • Role based Access Control
  • Personnel Security
  • Physical Security
  • Maker-checker
  • Incident Management
  • Trails
  • Public Key Infrastructure (PKI)

Cyber Security

  • Need for a Board approved Cyber-security Policy
  • Vulnerability Management
  • Cyber security preparedness indicators
  • Cyber Crisis Management Plan
  • Sharing of information on cyber-security incidents with RBI
  • Cyber-security awareness among stakeholders / Top Management / Board
  • Digital Signatures
  • IT Risk Assessment
  • Mobile Financial Services
  • Social Media Risks
  • Training

Information Security Audit

  • Policy for Information System Audit (IS Audit)
  • Coverage
  • Personnel
  • Periodicity
  • Reporting
  • Compliance
  • Computer-Assisted Audit Techniques (CAATs)

Planning for Business Continuity

  • Business Impact Analysis
  • Recovery Strategy / Contingency Planning

What we do

RNR provide remedial actions based on the RBI guidelines that NBFC must take to address any gaps in their cyber security posture. These remedial actions may include:

  • Implementing additional security controls
  • Conducting additional training for employees
  • Updating security policies and procedures
  • Submitting a report to the RBI on the remedial actions taken

NBFCs that fail to comply with the guidelines may be subject to penalties by the RBI. But do not worry, we are here to help.

Contact us to discover more about the RBI Guidelines, and procedures, and how RNR may assist you in meeting the RBI’s requirements.

What is Application Security?

Effective Security Testing Safeguards your Applications from Cyber Threats & Vulnerabilities

RNR Application Security Testing helps you identify vulnerabilities in your applications, ensuring comprehensive coverage for both web and mobile infrastructures, as well as online services. By going beyond software scanning, our Application Security Methodology prioritizes the most susceptible areas of your online application and provides practical solutions. This approach mitigates risks and helps you comply with regulatory requirements.

Leave us message

How May We Help You!

      Service Request Form

      Select Service(s) You Want:

      Information & cyber security program strategy & roadmapEnterprise & cyber security risk assessment & managementThird party risk managementVirtual CISO serviceCyber security awareness programPhishing simulation programThreat modelingUser access governance & certificationIncident management and response planISO 27001/22301/27701/9001RBI master directionNHB cyber security guidelinesIRDAI cyber security guidelinesNIST FrameworkSOC1/SOC2Data localization as per RBI circular of storage of payment system dataCIS frameworkInternal audit managementCloud assessment as per CISDesigning cloud security architectureCSPM security monitoringGap assessment as per applicable guidelinesNetwork architecture reviewFirewall rule reviewFirewall configuration reviewSystem hardening checksVulnerability assessment program managementWeb application penetration testingMobile application penetration testingInfrastructure vulnerability assessmentAPI vulnerability assessmentAPI fuzzingRed teaming ExerciseData protection advisoryData flow diagramDigital personal data protection acData protection controls implementationData discovery and classificationDesigning of data protection policyData governance programDigital personal data protection acGap assessmentArticulation of policy and proceduresISO 27001/22301/27701/9001, PCI-DSS, SOC1/SOC2, COBIT, COSO, HIPPA, RBI, IRDAI, NIST, Data Localization, CISGRC tool implementationArticulation of BCP plan and strategyCrisis management planBCP/DR planning and implementationImplementation of BCMS standard (ISO 22301)Conducting actual and tabletop DR drillsFunctional recovery planGRC resource deployment onsite/offsiteSecurity services resource deployment onsite/offsite

      Contact Details:

      Name (required):

      Organization Name (required):

      Email (required):

      Contact No (required):

      Detail about the requirement (optional):