ICT SECURITY POLICY

1. It is the policy of Agrobank that while IT resources and information should be provided to enable employees of the Bank and relevant external parties to satisfactorily complete their duties, these resources should be subject to adequate control :-
   
   
   1. To ensure the protection of programs, information and facilities of the computerized information processing systems from unauthorized access and use.
   2. Minimize the risks of unauthorized disclosure of information.
   3. The protection of information stored on the information processing facilities from loss or destruction.
   4. The reliability of the computerized information processing and the continued availability of the computerized information processing facilities.
      
      
2. The control implemented will be suitable of the asset value and its risk exposures. This policy will form the basis from which IT security standards and procedure are developed.
   
   
3. IT security objectives are defined as follows:-
   
   
   1. Integrity of information
      
      Information produce by IT resources of the Bank source must be free from unauthorized modification and corrupted information. The attributes of integrity of information shall be as follows.
      
      3.1.1 Transactions are authentic and unique (valid).
      3.1.2 Transactions are recorded as intended (accurate).
      3.1.3 Transactions are not missing (completeness).
      3.1.4 Transactions are up to date (pertinence).
      3.1.5 Transactions are not recorded in a misleading manner (presentation).
      
      
   2. Confidentiality of information
      
      The access to the information of the Bank and its clients is to be allowed on a need to know basis.
      
      
   3. Continuity of IT resources and information
      
      All IT resources and information required for the Bank's business processes, are at a level acceptable to senior management, are available within a period of interruption which is acceptable to senior management.
      
      
   4. Source and information continuity ICT during interference
      
      Each source and information of necessity for Bank's business process is at levels that could be accepted by Management and availability in during interruption duration that could be accepted by Management.
      
      
   5. Compliance with statutory and regulatory requirements
      
      The information processing system of the Bank must at all times be in compliance with all statutory and regulatory requirements.