The Regulation on Information Security Management in Banks approved

03-08-2021

3 August 2021, Baku: The Central Bank is constantly focusing on the ongoing monitoring of challenges in the field of information and communication technologies in the international arena and the delivery of innovative solutions to the banking sector. At the same time, in the light of global trends, establishment of modern information technology infrastructure in the country and expansion of digital services offered in the financial and banking sector make it important to ensure information security during data exchange, protect existing information resources from possible threats and increase overall cyber security readiness level, as well conduct regular awareness-raising activities in the field.

As a result of actions taken in this field, considering the requirements of ISO / IEC 2700X standards of the International Organization for Standardization, the Regulation on Information Security Management in Banks (Regulation) defining the minimum requirements for information security in banks operating in the Republic of Azerbaijan were developed and approved by the Central Bank and included in the State Register of Legal Acts of the Republic of Azerbaijan (http://www.e-qanun.az/framework/48025).

Taking into account that the implementation of the new Regulation in the field of information security will take significant time to establish appropriate information technology infrastructure in banks and develop policies and procedures for business processes on information security, the Regulation will enter into force on 1 April 2022. It was decided to repeal the Regulations on Security of Information Systems in Banks approved by the Decision of the Board of the Central Bank dated 10 December 2014.

This Regulation includes control mechanisms and requirements on establishment and organization of Information Security Management System in banks in accordance with the requirements of ISO/IEC 2700X standards, human resources security, asset management, access control, cryptography, physical and perimeter security, ensuring security in the acquisition, application and support of information systems, protection of information security in service relations with external suppliers and management of information security incidents.

The Central Bank pays constant attention to ensuring information security in the country's banking sector, in particular, the timely detection, reduction and prevention of possible cyber attacks.