The ICT resource requirements for the Swiss finance industry set by FINMA
The ICT resource requirements for the Swiss finance industry set by FINMA Circular 23/01
✅ A. Transversal Management of Operational Risks
✅ B. ICT Risk Management
✅ C. Cyber Risk Management
✅ D. Risk management of critical data
✅ E. Business continuity management (BCM)
✅ F. Management of risks relating to the provision of cross-border services
We have just taken a brief look at Chapter 4 of the FINMA Circular 23/01, but we should also keep in mind that the document sets out other requirements.
Chapter V, for instance, deals with the need of «Ensuring operational resilience».
At this point, one big question arises for our compliance strategy: how can we systematically manage the requirements of the Circular 2023/01 that apply to ICT resources?
How to manage the ICT requirements for the Swiss finance industry set by FINMA according to the most relevant ISO standards
It is probably correct to say that a modern GRC approach, based on the main ISO standards that can be related to this matter, can support the integrated management of all the requirements applicable to ICT resources, namely:
- Information security
- Business continuity
- IT services.
We should now identify which ISO standards we can rely on to manage these requirements; they are:
- ISO 38500, for the Governance;
- ISO 31000, for the Risk Management;
- ISO 37301, for the Compliance Management.
We should also remember that a modern GRC approach allows the adoption and, of course, the integration of several reference standards (e.g. ISO standards and NIST standards), as follows:
📘 ISO 22301 «business continuity standard»;
📘 ISO 20000-1 «IT services standard».
To better grasp the «big picture» of what we have just described, we can, as usual, turn to our infographic.