ICT resources in the Italian finance industry: the requirements set by Bank of Italy circular 285
Bank of Italy Circular 285: focus on Title IV
Circular 285, Chapter 4: «Information systems»
✅ section II – governance, organization and controls of the information system
✅ section III – ICT and security risk management
✅ section IV – the management of information security and ICT operations
✅ section IV bis – the management of ICT projects and changes
✅ section V – the data management system
✅ section VI – the outsourcing of the information system and the use of third parties for the provision of ICT services
✅ section VII – specific provisions on the «provision of payment services»
✅ annex A – corporate documents for the management and control of the information system.
Circular 285, Chapter 5: «Business continuity»
GRC approach (and related ISO standards) for compliance with the Bank of Italy Circular 285 requirements on ICT resources
- Information security
- Business continuity
- IT services.
We can now match these requirements to the related ISO standards:
- ISO 38500, for the Governance;
- ISO 31000, for the Risk Management;
- ISO 37301, for the Compliance Management.
We should also remember that a modern GRC approach allows the adoption and, of course, the integration of several reference standards (e.g. the ISO standards and the NIST standards), as follows:
📘 ISO 22301 «business continuity standard»;
📘 ISO 20000-1 «IT services standard».
To better visualize the «big picture» of what we have just described, we offer, as usual, our infographic.
