IT governance rules: RBI releases draft guidelines for regulated entities


The Reserve Bank of India (RBI) on Thursday released a draft master direction on information technology (IT) governance for all regulated entities, which will mandate them to put in place a robust IT governance framework, consisting of governance structures and processes necessary for them to meet their business objectives.

The framework will specify the role and responsibilities of the board of directors and the senior management of the entity. It will also have to include adequate oversight mechanisms to ensure accountability and mitigation of business risks.

“The key focus areas of IT governance shall include strategic alignment, value delivery, risk management, resource management, performance management and business continuity/ disaster recovery management,” the RBI said.

The RBI is going to ask the regulated entities to establish a board-level IT strategy committee, which will have a minimum of two directors as members, at least one of whom must have substantial expertise in managing/ guiding technology initiatives. This committee will ensure that the entity has an effective IT strategic planning process in place.

According to the RBI, the chief executive officer of the regulated entity will have the overall responsibility and institute effective oversight of the planning and execution of the IT strategy. He will also be responsible for putting in place appropriate mechanisms to ensure that IT/ IS and their support infrastructure are functioning effectively and efficiently; that the cyber security posture of the RE is robust; and that, overall, IT contributes to productivity, effectiveness and efficiency in business operations.

Furthermore, the regulated entities have to institute an IT steering committee, with the objective of assisting the board and the IT strategy committee in IT strategic planning and oversight.

The regulated entities will also have to appoint a head of IT operations who is technically competent and experienced in IT-related aspects. The person will be responsible for ensuring implementation of the IT policy, IT strategy and vision of the regulated entity, among a host of other things such as putting in place a documented IT standard operating procedure.

“A periodic assessment of the training requirements for human resources shall be made to ensure that sufficient, competent, and capable human resources are available. Regulated entities shall have a documented training plan/ programme for periodic training/ awareness workshops for the members of its board, senior management, CxOs, members of the IT function and other employees on aspects pertaining to IT and Information Security”, RBI said.
