
Include consumer protection procedures in the Incident Response program.


CONTROL ID
12755
CONTROL TYPE
Systems Continuity
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an Incident Response program., CC ID: 00579

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • AIs should seek to protect the interests of all types of customers when offering e-banking services to them. In particular, AIs should respect the spirit of the Treat Customers Fairly Charter (TCF) and comply with the Code when offering e-banking services to their personal customers. This includes, … (§ 4.4.1, Hong Kong Monetary Authority Supervisory Policy Manual TM-E-1 Risk Management of E-Banking, V.3)
  • Given that the risk of adverse incidents related to e-banking services cannot be completely eliminated, AIs should put in place formal incident response and management procedures for timely reporting and handling of different kinds of incidents (including suspected or actual security breaches, cyber… (§ 8.2.1, Hong Kong Monetary Authority Supervisory Policy Manual TM-E-1 Risk Management of E-Banking, V.3)
  • Principle: Firms should establish policies and procedures, as well as roles and responsibilities for escalating and responding to cybersecurity incidents. Effective practices for incident response include: - preparation of incident responses for those types of incidents to which the firm is most lik… (Incident Response Planning, Report on Cybersecurity Practices)