Policies to protect information in transit
Development, Documentation and Implementation (Article 14(1) RTS RMF)
- Financial entities must develop, document, and implement the policies, procedures, protocols and tools necessary to protect information in transit.
- These measures form part of the safeguards to preserve:
– availability,
– authenticity,
– integrity,
– confidentiality of data.
Purpose of the Policies (Article 14(1) RTS RMF)
- The policies must ensure that information remains protected during network transmission and that secure information exchange is maintained internally and externally.
Mandatory Content Elements (Article 14(1)(a)–(c) RTS RMF)
(a) Protection of Data During Network Transmission
The policies must ensure:
- the availability,
- the authenticity,
- the integrity, and
- the confidentiality of data during network transmission,
and must prescribe procedures to assess compliance with these requirements.
(b) Prevention and Detection of Data Leakages; Secure Transfers
The policies must ensure:
- the prevention and detection of data leakages, and
- the secure transfer of information between the financial entity and external parties.
(c) Confidentiality and Non-Disclosure Arrangements
The policies must ensure that:
- confidentiality and non-disclosure arrangements are implemented, documented and regularly reviewed;
- such arrangements reflect the financial entity’s needs for the protection of information, in respect of both:
– staff of the financial entity, and
– staff of third parties.
Design Basis: Data Classification and ICT Risk Assessment (Article 14(2) RTS RMF)
- The policies, procedures, protocols and tools to protect information in transit must be designed on the basis of:
– the approved data classification, and
– the ICT risk assessment.