Top 5 Things to Do (RBI Circular Compliance)

✅ Top 5 Things to Do (RBI Circular Compliance)

1️⃣ Conduct Annual Independent IS Audit

• What to do: Engage a CERT-IN empanelled or CISA-certified auditor.
• Why: To assess vulnerabilities, compliance gaps, and security posture.
• Outcome: Audit report with actionable findings to be submitted to the Board.

2️⃣ Implement Cyber Security Policy (Board Approved)

• What to do: Draft and adopt a comprehensive cyber security policy aligned with RBI guidelines.
• Why: Mandatory governance requirement.
• Outcome: Clear roles, responsibilities, incident response, and escalation protocols defined.

3️⃣ Strengthen Cyber Incident Detection and Response

What to do: Set up or upgrade Security Operation Center (SOC) or alert-based monitoring system.

• Why: To detect and mitigate cyber threats in real-time.
• Outcome: Timely response to threats, better audit and incident reporting.

4️⃣ Employee Awareness & Training Programs

• What to do: Conduct cyber hygiene workshops for staff and management.
• Why: Human error is the biggest cybersecurity risk.
• Outcome: Reduced phishing incidents, improved secure practices.

5️⃣ Establish Business Continuity and Disaster Recovery (BCP/DR)

• What to do: Develop and test BCP and DR plans regularly.
• Why: Ensure banking operations continue during IT disruptions or cyberattacks.
• Outcome: Regulatory compliance and operational resilience.

Call for Audit