In April 2008 the Financial Services Authority published its recommendations for protecting customer data. From the Executive Summary:
This report describes how financial services firms in the UK are addressing the risk that their customer data may be lost or stolen and then used to commit fraud or other financial crime. It sets out the findings of our recent review of industry practice and standards in managing the risk of data loss or theft by employees and third-party suppliers.
At just over 100 pages, the report details controls and best practices for protecting customer data in the following areas:
- Governance
- Training and awareness
- Access rights
- Passwords and user accounts
- Monitoring access to customer data
- Data back-up
- Access to the internet and email
- Key-logging devices
- Laptops
- Portable media including USB devices and CDs
- Physical security
- Disposal of customer data
- Managing third-party suppliers
- Internal Audit and Compliance monitoring