2014-06-26 | Banking Act Directions No. 4 of 2014

The Central Bank of Sri Lanka, in collaboration with the Sri Lanka CERT|CC and the Sri Lanka Banks' Association, has issued the Baseline Security Standard (BSS) to mandate comprehensive information security controls across financial institutions and their third-party service providers. The standard requires organizations to implement a structured risk management framework aligned with ISO 27005, covering fourteen key security domains including asset classification, third-party risk management, human resource security, and operational controls. Financial institutions must achieve full compliance within a twelve-month implementation period, with ongoing oversight by the Bank Computer Security Incident Response Team and periodic revisions to maintain regulatory conformance and mitigate financial fraud risks.