COB 14.5.1 Guidance

1. An Authorised Firm may appoint an Auditor to carry out the functions specified in COB Rule 14.5.1(2)(a), provided it is satisfied that the Auditor has the relevant expertise.
2. Credentials that may indicate an independent third party professional is suitably qualified under COB Rule 14.5.1(2)(a):
a. designation as a Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM) by the Information Systems Audit and Control Association (ISACA);
b. designation as a Certified Information Systems Security Professional (CISSP) by the International Information System Security Certification Consortium (ISC); or
c. accreditation by a recognised and reputable body to certify compliance with relevant ISO/IEC 27000 series standards.


Derived from DFSA RMI311/2021 (Made 30th June 2021). [VER39/10-21]