Regulatory Alerts2022-01-18
Regulations on information security management in banks
The Central Bank of the Republic of Azerbaijan issued Decision No. 20/1 to establish mandatory minimum requirements for information security management systems across all domestic and foreign bank branches operating in the country. The regulations mandate the implementation of a comprehensive ISMS overseen by the Supervisory Board, covering asset classification, strict access controls with defined password standards, cryptographic key management, and physical security protocols for data centers. Banks must enforce continuous risk assessment, secure remote and mobile device usage, regular employee training, and systematic incident reporting to ensure the confidentiality, integrity, and availability of all critical information assets.
Share