ICT SECURITY POLICY
- It is the policy of Agrobank that while IT resources and
information should be provided to enable employees of the Bank and
relevant external parties to satisfactorily complete their duties,
these resources should be subject to adequate control :-
- To ensure the protection of programs, information and
facilities of the computerized information processing systems
from unauthorized access and use.
- Minimize the risks of unauthorized disclosure of
information.
- The protection of information stored on the information
processing facilities from loss or destruction.
- The reliability of the computerized information
processing and the continued availability of the computerized
information processing facilities.
- The control implemented will be suitable of the asset value
and its risk exposures. This policy will form the basis from which
IT security standards and procedure are developed.
- IT security objectives are defined as follows:-
- Integrity of information
Information
produce by IT resources of the Bank source must be free from
unauthorized modification and corrupted information. The
attributes of integrity of information shall be as follows.
3.1.1 Transactions are authentic and unique (valid).
3.1.2 Transactions are recorded as intended (accurate).
3.1.3 Transactions are not missing (completeness).
3.1.4 Transactions are up to date (pertinence).
3.1.5 Transactions are not recorded in a misleading manner (presentation).
- Confidentiality of information
The access to the information of the Bank and its clients is to be allowed on a need to
know basis.
- Continuity of IT resources and information
All IT resources and information required for the Bank's business processes, are at
a level acceptable to senior management, are available within a period of interruption
which is acceptable to senior management.
- Source and information continuity ICT during interference
Each source and information of necessity for Bank's business process is at levels that
could be accepted by Management and availability in during interruption duration that
could be accepted by Management.
- Compliance with statutory and regulatory requirements
The information processing system of the Bank must at all times be in compliance with
all statutory and regulatory requirements.