Information security risk management and cyber resilience: new standards
To ensure information security, banks, non-bank financial institutions and processing centres can now apply new national risk management and business continuity standards (GOST Р
In particular, the documents contain provisions on drafting risk management policies, measures for risk identification, assessment and monitoring. The standards also describe risk mitigation strategies, cyber incident response and recovery plans, rules for interacting with IT service providers and conducting cyber training.
The standards have been jointly prepared by the Bank of Russia and experts with due account of international practices in cyber resilience. The standards will become effective on 1 February 2023.