Thursday 3 March 2011

Information Technology Vision Document For 2011-17 By RBI

Reserve Bank of India (RBI) has recently released the information technology vision document for 2011-17 (IT Vision 2011-17). It has brought many far reaching reforms in the banking industry of India.

According to the vision document, Information Technology (IT) has transformed the conduct of businesses in every sector of the economy, including the financial sector. RBI has endeavoured to streamline technological change in a manner that would help to enhance the inclusiveness of the financial sector. The developments largely relate to improvements in back office management in the form of streamlining Management Information System (MIS), strengthening centralised processing and improving communication networks.

In this context the appointed Committee has identified the specific areas that need to be addressed during the ensuing years. These issues may be addressed in the short, medium and long term.

Some of the important issues are integration of information and technology, focused approach in usage of data for MIS and Decision Support System (DSS), inadequacies in information needed to take vital decisions, disparate IT systems at different levels of maturity, metadata and uniform data reporting standards, adoption of data mining and business analytics for information refinement, re-engineered business processes and delivery models, strategic alignment between business and IT, information and security policies, business continuity management, project management, vendor management, availability of trained manpower for deployment of technology, etc.

One of the areas covered by the vision document pertains to information security policy (IS policy). Information security policy is a documented business rule for protecting information and the systems which store and process this information. Information should be based on the principles of integrity, reliability, and validity. Protecting confidential information is a business and legal requirement.

The existing IS policy would have to be reviewed and updated at periodical intervals. The IS Policy may detail principles for protecting information from unauthorised access, use, disclosure, disruption, modification or destruction. The information security policy should, inter alia, relate to policies such as firewall, email, network security, and password. The policy should also address issues relating to prevention of cyber attacks by deploying appropriate technologies such as two-factor authentication.

While following the above, legal aspects relating to the provisions of the Acts such as Payments and Settlement Act, 2007 and IT Act, 2000 may be strictly adhered to. Further, all banks now would have to create a position of chief information officers (CTOs) as well as steering committees on information security at the board level at the earliest. This would ensure compliance with cyber laws and other laws and would ensure effective cyber security. Let us hope these guidelines would be followed very soon by banks in India.