Most US Banks use the SAS70 standard as a management and control review system to comply with regulatory stipulations. European Banks mainly go for the EU Data Directive (which covers security and privacy) and BS7799. Banks in Australia / NZ use the AS/NZS4444 (which is a derivative of BS7799). In India, we don’t have a security standard that banks must necessarily implement, nor do we have guidelines from the Reserve Bank or the Ministry of Finance.
Logically, tweaking a standard like the ISO17799 should work fine - depending on reporting and compliance requirements, additional controls should be specified and implemented. This is where the RBI or even an industry body can provide inputs which can be incorporated into a variant of the standard.
More on establishing a security standard for use by Indian banks later.
Post your comments online.
RiOn
