Enterprise Technology Governance & Risk Management Framework

Guidelines

Enterprise Technology Governance & Risk Management Framework

PBA has provided its feedback/comments to SBP on the draft framework of amendments in ‘Enterprise Technology Governance and Risk Management Framework for Financial Institutions’, on February 3, 2023. 

SBP had requested PBA’s feedback on the amendments necessitated due to latest developments in international best practices, information security standards, cyber threat landscape and the resulting cybersecurity requirements.

PBA’s Cyber Security Forum reviewed the subject draft and the cybersecurity issues that may have significant impact on banking operations. The feedback given by PBA included the following key areas, in which amendments were suggested by SBP;

  1. Cybersecurity Governance
  2. Cybersecurity in Enterprise Risk Management
  3. Cybersecurity Controls
  4. Cybersecurity recovery and response
  5. Cybersecurity in third party services