Cloud Outsource Directive and Guidance Note Issued by the South African Reserve Bank
Cloud computing and offshoring of data is no longer a taboo among banks. It is becoming a necessity and is the current definitive trend. However, the South African Reserve Bank (“SARB”) has issued a directive and guidance note detailing items banks must consider when electing to adopt cloud computing as a service or any offshoring of data.
At the outset, the SARB requires that banks elect a risk based and mitigation approach, having consideration to the bank’s risk profile, size of the bank and its operations. For the purposes of this article, we will only highlight some of the critical provisions to consider, namely banks are directed to:
Banks must also consider the classification of data, materiality of the activity outsourced, level of risk, mode and form of cloud computing and offshoring of data. A banks data strategy should include at the very least:
Put simply, the bank must put in place a strategy as well as formal policies and robust contracts to ensure that the service provider rendering the cloud services or offshoring of data takes steps to assist the bank in its compliance efforts. Some of the suggested proactive steps that banks should adopt are set out below:
ENSafrica’s specialist TMT team can assist in your bank’s compliance initiatives, drafting of standard policies and procedures as well as ensuring that sound contracts are put in place with cloud service providers.
For more information, please contact:
technology, media and telecommunications director [email protected] cell: +27 82 310 5172
- April 26: World Intellectual Property Day
- Health Data Confidentiality on a Rise in the UAE!
- OCR Publishes Recommendations to Prepare for Cybersecurity Threats
WSG Member: Please login to add your comment.