Pension regulator PFRDA has come out with Information & Cybersecurity Policy Guidelines for intermediaries and regulated entities in the NPS ecosystem.
These comprehensive guidelines will serve as a roadmap for Regulated Entities to effectively manage cyber risks, protect critical assets and maintain trust and confidence in the digital age, PFRDA said in a circular.
The primary objective of having these information and cybersecurity policy guidelines is to establish a structured framework that outlines the principles, procedures and best practices for protecting the Regulated Entities (REs) information assets and data from cyber threats.
The guidelines would also act as a broad standard for the Regulated Entities to understand and implement essential controls and procedures to protect their Information and Communication Technology (ICT) infrastructure from cyber threats, PFRDA has said.
Effective Aug 1
The guidelines have come into effect from August 1. These guidelines may also act as a baseline document for administration and audit teams (internal, external/ third-party auditors) to evaluate the regulated entities’ security position against cybersecurity baseline requirements.
With rapid technological advancements and emerging threats, protection of technology infrastructure and data through cybersecurity measures is of considerable importance.
While Regulated Entities are expected to have taken measures in the past to prevent the cybersecurity lapses, the PFRDA has now laid down guidelines to protect the interests of subscribers and ensure safety and integrity of the evolving architecture.
The latest norms incorporate, consolidate and update the guidelines, instructions and circulars on cybersecurity issued by PFRDA from time to time. These include the cybersecurity guidelines issued in October 2017 and those issued on January 7, 2019.
In today’s interconnected digital landscape, the financial services sector stands as a prime target for cyber threats due to the vast amounts of sensitive data it handles, including personal and financial information.
Cyber-attacks are increasing in frequency, sophistication and impact, with perpetrators continually refining their efforts to compromise systems, networks and information world-wide. A key driver of this trend is the increasing usage of technology by the financial services sector to improve customer service and operational efficiency, the PFRDA circular said.