IT Governance and Risk Management

In the ever-evolving spheres of finance and data protection in India, the Reserve Bank of India's ("RBI") Master Direction – Information Technology Governance, Risk, Controls, and Assurance Practices, dated November 7, 2023, has set the stage for transformative changes. This article navigates through the regulatory landscape to showcase how our Generic Onboarding platform ("GO") aligns with the guidelines laid out by the RBI.

Harnessing Compliance in Financial Technology

The RBI has rolled out the Master Direction – Information Technology Governance, Risk, Controls and Assurance Practices to incorporate, consolidate, and update the guidelines, instructions, and circulars on IT governance, risk, controls, assurance practices, and business continuity/disaster recovery management.

As the RBI directive takes center stage, our analysis delves into the critical elements of IT governance, risk management, and controls outlined by the central bank, i.e. the RBI. From the strategic role of boards to the meticulous oversight mechanisms required for mitigating IT and cyber risks, we unveil how our Generic Onboarding platform seamlessly integrates compliance measures into the fabric of financial technology.

Compliance of GO with Regulatory Guidelines

Signzy's no-code platform takes pride in its steadfast commitment to regulatory compliance, aligning seamlessly with the stipulations outlined in the RBI's direction. Our product has been meticulously designed and developed to adhere to the comprehensive guidelines in these regulatory frameworks, ensuring that organizations can confidently navigate the complex landscape of information technology governance, risk management, and controls. At Signzy, we understand the critical importance of maintaining the highest standards of security, privacy, and transparency, and our commitment to regulatory alignment reflects our dedication to providing a robust onboarding solution that not only meets but exceeds industry standards.

Below are details of the features of the no-code platform that help in compliance with the requisite provisions of the RBI's Master Direction.

Audit Trail

Every IT application that can access or affect critical/sensitive information has to have audit trails/logging capability.

Every application in GO has an All Applications that can be viewed by the REs in the Back Office Portal.

The audit trails have to satisfy an RE's business requirements apart from regulatory and legal requirements. The audit trails must be detailed enough to facilitate the conduct of the audit, serve as forensic evidence when required, and assist in dispute resolution, including for non-repudiation purposes.

The audit trail that can be viewed in the back office of Signzy's GO platforms is detailed and comprehensive. It shows all the changes made to the end-user application with minute details, such as the page and the field to which the change was made. It reflects the old value and the new value added. Further, the GO platform also shows the details of the agent/employee who has made the updates, along with the date and time.

Access Control

Personnel with elevated system access entitlements have to be closely supervised, with all their systems activities logged and periodically reviewed. REs have to adopt multi-factor authentication for privileged users.

All the GO users are closely supervised. A hierarchy is followed and all the users are assigned different levels. Each user is supervised by the user above their level, and their activities are periodically reviewed. The RE agent can conduct their day-to-day business with the help of the web- and app-based RM portal. They have multi-factor authentication enabled in their respective accounts and can also securely log in through their unique biometrics.

Vulnerability Assessment (VA) / Penetration Testing (PT)

VA/PT shall be conducted by appropriately trained and independent information security experts/auditors.

GO has periodic VA/PT assessments done by third-party CERT-In certified vendors.

In the post-implementation (of IT project/system upgrade, etc.) scenario, the VA/PT shall be performed in the production environment. Under unavoidable circumstances, if the PT is conducted in the test environment, REs shall ensure that the version and configuration of the test environment resembles the production environment. Any deviation should be documented and approved by the ISC.

The certified experts send the reports of their assessment periodically, work on their findings, and implement the necessary changes. VAPT is performed in the production environment to ensure the credibility of the results.

Our journey continues to ensure compliance with the standards of these latest guidelines and regulatory requirements. With a detailed examination of the RBI's direction, we strive to become more capable by improving on where we are lacking and working continuously to meet that goal. Our platform, GO, is not just an enabler of regulatory adherence but a proactive contributor to the evolving standards in financial technology.

Getting Help

Please feel free to contact us if you have any questions, require clarification, or have ideas for how to make the documents or any of our services better. You can reach out to us at help@signzy.com.