BoB adopts latest cyber security standards to overcome cyber threats

The Bank of Bhutan Limited (BoB) has implemented world-class cyber security standards in order to minimize cyber threats and risks.

The bank has adopted the ISO 27001:2015 Information Security Management System (ISMS) standard and the Payment Card Industry Data Security Standards (PCI-DSS) this year as part of the bank’s commitment to extending secure and reliable digital services.

These standards were launched on September 2 in Thimphu.

A bank official said that the standards were adopted because customers’ expectations have changed over the years, the way of doing business has also changed, and technologies come with associated threats and risks, such as cyber threats.

He also said that there is a Royal Monetary Authority regulatory requirement to minimize financial loss, reputational damage and cyber fraud.

The benefits of these standards include more secure infrastructure and systems, standard processes, service reliability, customers’ trust and confidence, business partners’ trust and confidence, business opportunities, regulatory compliance and more secure services.

The BoB’s Chief Executive Officer, Dorji Kadin, said that, as a financial service provider managing the people’s money, it is very important to manage risks through different activities and initiatives and to give confidence to the people.

“We always ensure that there are no risks associated with managing the money,” the CEO said.

The CEO said that with this ISO certification they can assume that they have the best of the best system in place to protect against any kind of threat that may get into the bank’s system.

“It is also the requirement from all the international agencies to have this system in place.”    

“However, we cannot claim that we are fully protected because every day somebody, somewhere across the world, people, try to get access into the system for whatever reasons,” he added. 

Meanwhile, ISO 27001 (formally known as ISO/IEC 27001:2013) is a specification for the Information Security Management System (ISMS). An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization’s information risk management processes. The ISMS preserves the confidentiality, integrity and availability of information by applying a risk management process, and gives interested parties confidence that the risks are adequately managed.

According to the BoB, securing the ISO 27001 certification demonstrates that BoB has identified the risks, assessed the implications and put in place the systematized controls needed to limit any damage to the organization, and that the bank is prepared to provide requirements for establishing, implementing, maintaining and continually improving an ISMS. Overall, getting ISO 27001 certification shows that the Bank is sensitive about information security.

PCI-DSS is an information security standard applicable to organizations that handle card transactions from the major card schemes, such as Visa and MasterCard. The standard was created to increase controls around cardholder data and so reduce card-related fraud. PCI certification ensures the security of card data at a business through fulfilment of a set of requirements established by the PCI-SSC. These include a number of commonly known best practices, such as installing firewalls and encrypting transmitted data.

BoB officials also said that the Bank has transformed itself from legacy banking to offering a reliable digital banking experience. However, digital transformation always comes with unwanted cyber threats and risks.

The Bank had in fact started the process of implementing these controls some time back; at the same time, the RMA came up with the regulation that all banks have to implement cyber security controls in their respective organizations.

Officials said that with these security standards implemented at the Bank, the infrastructure, system, digital services and card business provided by the Bank to its customers are more secure and reliable now.

The Bhutan Standard Bureau (BSB) had offered the BoB certification of ISO 9001:2015 QMS at a minimal cost.

Meanwhile, the initial work on ISO certification began on September 13, 2016.

Dechen Dolkar from Thimphu