The Board of the Central Bank of Azerbaijan (CBA) has approved the "Requirements for Ensuring Information Security in Entities Supervised in Financial Markets," Azernews reports, citing CBA.
In this regard, the President of the CBA, Taleh Kazimov, has signed a new decision.
Instead, the decision dated July 14, 2021, regarding the approval of the "Regulation on Information Security Management in Banks" has been abolished.
According to the new decision, financial institutions must continuously improve the Information Security Management System (ISMS) and develop an information security policy in this direction. This policy should be reviewed at least once a year, and when examining the risk management system, appropriate changes can be made when required. In addition, when changes are made to ensure the continuity, adequacy, and effectiveness of the ISMS, the information security policy can be reviewed in an extraordinary manner.
Compliance with these requirements will be evaluated by external auditors in Category I control subjects (banks, insurers, central depositories, the Compulsory Insurance Bureau, credit bureaus, electronic money organisations, and payment system operators) at least once a year, and in Category II and III control subjects (entities licenced in the securities market, national operators of postal communication, payment organisations, shareholder investment funds, and managers of investment funds; excluding credit unions, non-bank credit organisations) at least once every 2 years.
The Legal Department of the CBA has been instructed to submit this decision to the Ministry of Justice for registration in the State Register of Legal Acts within 3 days.