Regulatory Compliance

IS Audit
(RBI) Guidelines

The banking sector is one of the most vulnerable sectors in terms of cyber threats and attacks. Annually, 6 out of 10 people report that their data has been compromised by a loan service. Having said this, the RBI in its Master Directions has passed a directive for all NBFCs to conduct an IT audit and get it attested by the RBI under the RBI IS Audit.

As per the directive, a CERT-In empanelled institution must perform an annual Information Security Audit. Data security, audit control, corporate governance, risk management, and the other terms and conditions of the licence are the fundamentals of the Information Security Audit.

Methodology

The IS Audit is conducted per the Terms of Reference (TOR) and regulations outlined by the ICAI, the RBI, and the pertinent authorities. The NBFC, along with the external auditor, should set an audit plan along with the scope of the current and previous audits if it wants to have an audit performed. Once they obtain a plan of action for the IS Audit, the auditors check the network systems and work environment against security controls, network controls, access controls, and electronic document controls.

NBFCs with more than 500 crores – The IT framework requirement would include IT Governance, operations, Business Continuity Planning and Disaster Recovery, and IT Services Outsourcing.

NBFCs with less than 500 crores – The IT framework needed would involve data backup and testing, having a well-defined function in the IT system, filing regulatory returns with the RBI, and generating crucial financial reports for top management.

Why do organizations need it?

The goal of information security is to limit access to sensitive data. NBFCs must have a comprehensive information security policy that includes the following essential principles:

Confidentiality

Ensuring that only authorized users can access sensitive data.

Integrity

Assuring information accuracy and reliability by preventing.

Availability

Making sure that users have access to data whenever they need it.

Authenticity

It is vital for Information Security to ensure that data, transactions.

Our Approach

Our cyber security approach prioritizes a layered, proactive defense strategy encompassing robust network security, vigilant endpoint protection, strict access controls, regular vulnerability assessments, employee security awareness training, and a rapid incident response plan, ensuring the protection of sensitive data and systems against evolving cyber threats by focusing on the “people, process, and technology” pillars.

Benefits

Cybersecurity is important because it protects organizational assets and services from malicious attacks and safeguards all types of data, including but not limited to sensitive data, protected health information (PHI), and personally identifiable information (PII), from theft and loss.

Being a CERT-In empanelled organization, the company's activities can be guided to provide better services.
NBFC audits assure companies and partners that their service organizations have procedures and controls in place.
The assessments are carried out by qualified experts to provide consistent and valuable services.


FAQs

What are the necessary requirements to be met for NBFCs above 500 crores?

• IT Governance
• IT Policy
• Information and Cyber Security
• IS Audit
• IT Services Outsourcing

Is it necessary for every NBFC to be registered with the RBI?

Every NBFC must register with the RBI before starting or carrying on any non-banking financial institution business.

What are systemically important NBFCs?

Systemically important NBFCs are those with assets of Rs 500 crore or more as per their most recent audited balance sheet.