Friday, February 19, 2010

FSA Security Controls for protecting Customer Data

In April 2008 the Financial Services Authority published their recommendations for protecting customer data. From the Executive Summary

This report describes how financial services firms in the UK are addressing the risk that their customer data may be lost or stolen and then used to commit fraud or other financial crime. It sets out the findings of our recent review of industry practice and standards in managing the risk of data loss or theft by employees and third-party suppliers.

At just over 100 pages, the report details controls and best practices in the following areas to protect customer data

  1. Governance
  2. Training and awareness
  3. Access rights
  4. Passwords and user accounts
  5. Monitoring access to customer data
  6. Data back-up
  7. Access to the internet and email
  8. Key-logging devices
  9. Laptops
  10. Portable media including USB devices and CDs
  11. Physical security
  12. Disposal of customer data
  13. Managing third-party suppliers
  14. Internal Audit and Compliance monitoring

No comments: