RBI Releases Draft Rules On Cyber Resilience, Digital Payment Security Controls For PSOs

The Reserve Bank of India (RBI) on Friday released a draft Master Directions on Cyber Resilience and Digital Payment Security Controls for Payment System Operators (PSOs). According to the RBI's release, the central bank has invited feedback from the shareholders on the same. The draft directions from the central bank cover governance mechanism for identification, assessment, monitoring and management of cybersecurity risks including information security risks and vulnerabilities, and specify baseline security measures for ensuring safe and secure digital payment transactions.

The draft comes after the central bank, during the April monetary policy meeting (MPC), announced that it will issue these guidelines. The release also pointed out, "These directions aim to improve safety and security of the payment systems operated by PSOs by providing a framework for overall information security preparedness with an emphasis on cyber resilience."

The decision was taken to ensure the safety and security of payment systems, which is a key objective of the RBI. These directions for draft rules will also cover baseline security measures for ensuring system resiliency as well as safe and secure digital payment transactions, the RBI said.

The release further said that the board of directors of the PSOs will be responsible to ensure adequate oversight over information security risks, which includes cyber risks and cyber resilience.

The PSOs have also been directed to prepare a unique Board approved Cyber Crisis Management Plan (CCMP) to detect, contain, respond, and recover from cyber threats and cyber-attacks.

The PSOs shall also maintain a record of all the key roles, information assets, critical functions, processes, third-party service providers, and their interconnections and classify and document their levels of usage, criticality, and business value.  A comprehensive data leak prevention policy shall also be put in place, the RBI added.

ALSO READ | Apple Unlikely To Apply For Subsidies Under PLI 2.0 Scheme: Report