SaFi Bank Space : (Draft) - IT Policies and Procedures.

Created by User 7142e, last modified on Jan 24, 2023

This is a draft of the proposed IT Policies and Procedures that can be adapted for Safi Bank.

Each of this policies shall be reviewed by relevant stakeholders, send feedbacks and shall be approved by relevant Decision Makers and with the Final Approval of the Legal Department for Implementation.

Furthermore please check the latest BSP MORB Guidelines and Requirements to confirm the policies and procedures state herein.

  1. Access Control Policy: Establish procedures for granting access to IT systems and resources, including user account creation, password management, and access revocation.

  2. Incident Response Policy: Develop procedures for identifying, responding to, and reporting security incidents, including incident classification and escalation.

  3. Network Security Policy: Implement measures to protect the integrity and confidentiality of network resources, including firewalls, intrusion detection and prevention systems, and virtual private networks (VPNs).

  4. Data Backup and Recovery Policy: Establish procedures for creating, storing, and recovering backups of critical data, including off-site storage and testing of recovery procedures.

  5. Physical Security Policy: Implement measures to protect IT assets from physical damage or unauthorized access, including security cameras, access controls, and environmental controls.

  6. Remote Access Policy: Establish procedures for remote access to IT systems and resources, including remote access agreements and secure communication protocols.

  7. System Change Management Policy: Develop procedures for controlling changes to IT systems and resources, including change requests, testing, and approvals.

  8. Compliance Policy: Ensure compliance with applicable laws, regulations, and industry standards, including regular monitoring and reporting of compliance status.

  9. IT Risk Management Policy: Develop and implement a risk management program to identify, assess, and mitigate risks to IT systems and resources.

  10. IT Disaster Recovery and Business Continuity Policy: Establish procedures for disaster recovery and business continuity in the event of a disruption to IT systems and resources.