The draft, Master Directions on Cyber Resilience and Digital Payment Security Controls for PSO, proposes a governance mechanism for the identification, analysis, monitoring, and management of cybersecurity risks.
RBI confirms that these norms will be implemented from April 1, 2024, for large non-bank-PSOs. For medium-sized non-bank PSOs, the norms will be implemented by April 1, 2026, as for the smaller ones, the deadline is April 1, 2028.
The key responsibility of the draft circular will be designated to a sub-committee of the board that must meet at least once every quarter.
“The PSO shall formulate a board-approved Information Security (IS) policy to manage potential information security risks covering all applications and products concerning payment systems as well as management of risks that have materialised,” the draft note said.
“The directions will also cover baseline security measures for ensuring system resiliency as well as safe and secure digital payment transactions[…]However, they shall endeavour to migrate to the latest security standards. The existing instructions on security and risk mitigation measures for payments done us
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: