PIB 6.7.1
An Authorised Firm must establish and maintain appropriate systems and controls to manage its information security risk.

Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]

PIB 6.7.1 Guidance
In establishing its systems and controls to address information security risks, an Authorised Firm should have regard to:

a. confidentiality: information should be accessible only to persons or systems with appropriate authority, which may require firewalls within a system, as well as entry restrictions;
b. the risk of loss or theft of customer data;
c. integrity: safeguarding the accuracy and completeness of information and its processing;
d. non-repudiation and accountability: ensuring that the person or system that processed the information cannot deny their actions; and
e. internal security: including premises security, staff vetting; access rights and portable media, staff internet and email access, encryption, safe disposal of customer data, and training and awareness.

Derived from RM111/2012 (Made 15th October 2012). [VER20/12-12]