info@arridae.com 9019854583

As a CERT-In Empanelled Security Auditor, Arridae Infosec is equipped to assist Urban Cooperative Banks (UCBs) in understanding, managing, and adhering to RBI Guidelines and Circulars issued periodically.

Periodic reviews of a bank's IT infrastructure and assets are essential to identify vulnerabilities and security gaps. Arridae Infosec supports Cooperative Banks in addressing these issues effectively, ensuring compliance with RBI's enhanced cybersecurity directives and safeguarding critical banking operations.

RBI Guidelines Overview

The Reserve Bank of India introduced its Cyber Security Framework for UCBs on October 19, 2018, and further strengthened these guidelines on December 31, 2019.
RBI Circular


Below is a summary of the key points and requirements from the revised Cyber Security Framework for Urban Cooperative Banks (UCBs).

Basic Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs)

  • Board approved Cyber Security Policy
  • Cyber Security Policy to be distinct from the IT policy/IS Policy of the UCB
  • IT Architecture/Framework should be security compliant
  • Cyber Crisis Management Plan
  • Organizational Arrangements
  • Cyber Security awareness among Top Management/Board/other concerned parties
  • Ensuring protection of customer information
  • Supervisory reporting framework

Comprehensive Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs)

Level I Requirements

  • Baseline Cyber Security and Resilience Requirement
  • Vendor/Outsourcing Risk Management

Level II Requirements

  • Network Management and Security
  • Secure Configuration
  • Application Security Life Cycle (ASLC)
  • Change Management
  • Periodic Testing
  • User Access Control / Management
  • Authentication Framework for Customers
  • Anti-Phishing
  • Data Leak Prevention Strategy
  • Audit Logs
  • Incident Response and Management

Level III Requirements

  • Network Management and Security
  • Secure Configuration
  • Application Security Life Cycle (ASLC)
  • User Access Control
  • Advanced Real-time Threat Defence and Management
  • Maintenance, Monitoring, and Analysis of Audit Logs
  • Incident Response and Management
  • User / Employee/ Management Awareness
  • Risk based transaction monitoring

Level IV Requirements

  • Arrangement for continuous surveillance – Setting up of Cyber Security Operation Centre (C-SOC)
  • Participation in Cyber Drills
  • Incident Response and Management
  • Forensics and Metrics
  • IT Strategy and Policy
  • IT and IS Governance Framework
  • IT Strategy Committee
  • IT Steering Committee
  • Chief Information Security Officer (CISO)
  • Information Security Committee
  • Audit Committee of Board (ACB)

OUR SERVICE

Our RBI Co-Operative Banks IS Audit service focuses on helping organizations meet these regulatory standards through a structured, efficient, and thorough audit process.

Key Features of Our Service:

  1. Comprehensive Audit:
    • We perform an in-depth audit of your organization’s data storage, processing, and transmission mechanisms to ensure compliance with RBI Co-Operative Banks IS Audit requirements.
    • Our team of experienced auditors reviews end-to-end data flow, ensuring that all customer data, transaction records, and other relevant information are stored locally as per the guidelines.
  2. Gap Analysis and Risk Assessment
    • We identify potential areas of non-compliance and security gaps in your data storage systems.
    • Our auditors evaluate the risks associated with the existing data management practices and provide actionable insights on mitigating risks and closing any gaps.
  3. Internal Controls Review
    • We assess the adequacy of internal controls and security protocols related to data access and management.
    • This includes reviewing encryption protocols, access controls, and user privileges to ensure compliance with data security best practices.
  4. Regulatory Compliance Documentation
    • Our service ensures that all necessary compliance documentation, is prepared and submitted to RBI as per the stipulated timelines.
    • We assist in filing reports, audit trails, and other necessary documentation, ensuring seamless interaction with regulators.
  5. Recommendations and Remediation Support
    • After identifying gaps or vulnerabilities, we provide detailed recommendations on how to enhance your systems to meet RBI compliance standards.
    • Our team can assist in implementing necessary changes and ensure continuous monitoring for future compliance.
  6. Follow-up Audits
    • In cases where corrective actions are needed, we conduct follow-up audits to ensure that all recommended measures are properly implemented.
    • We also help prepare your organization for future audits and compliance checks by the RBI