The Central Bank of Bahrain requirements for ICT resources in the financial sector: GRC approach and main related standards.

02 Apr 2024 02:31 PM By itSMF Staff



The Central Bank of Bahrain and the rulebook

The Central Bank of Bahrain (CBB) is the authority in charge of regulation and supervision of the whole financial sector of Bahrain.

Among the laws and regulations available in the Central Bank of Bahrain documentation, we find its «CBB Rulebook», which is made up of these parts:

📘 Common Volume

📘 Volume 1 (Conventional Banks)

📘 Volume 2 (Islamic Banks)

📘 Volume 3 (Insurance)

📘 Volume 4 (Investment Business)

📘 Volume 5 (Specialised Licensees)

📘 Volume 6 (Capital Markets)

📘 Volume 7 (Collective Investment Undertakings)


In our article, we're going to take a closer look at «Volume 1» on conventional banks.

The CBB Rulebook Volume 1 and its requirements

In its «Rulebook Volume 1» for conventional banks, the Central Bank of Bahrain sets the requirements applicable to ICT resource management.

In particular, it is Part A, the «Business Standards Section», that focuses on the relevant matter of operational risk management.

In this section, the CBB Rulebook sets the following categories of requirements:

🔖 OM-A Introduction (executive summary, legal basis and module history)

🔖 OM-B Scope of application (Bahraini conventional and branches of foreign bank licensees)

🔖 OM-1 General Requirements

🔖 OM-2 Outsourcing requirements

🔖 OM-3 Electronic money and electronic bank activities

🔖 OM-4 Business Continuity Management

🔖 OM-5 Security measures for banks

🔖 OM-6 Books and records

🔖 Appendix A, B and C (Loss event type classification, Cyber security control guidelines)


How can we manage these Rulebook requirements for ICT resources? Our solution is a GRC approach: let's take a closer look below.

The ISO standards applicable to the CBB Rulebook requirements for ICT Resources

We can support the management – in an integrated way – of the requirements for ICT resources set by the Central Bank of Bahrain with a GRC approach based in particular on these ISO standards:

✅ ISO 38500 on Governance

✅ ISO 31000 on Risk Management

✅ ISO 37301 on Compliance Management

We should keep in mind, in this case, that the focus is on information security, business continuity and IT services.


With the GRC approach to managing the ICT resources requirements, we can also take the opportunity to adopt and integrate the available reference standards, such as the ISO standards and NIST standards.


These are the main relevant standards:

📘 Information security standard: ISO 27001;

📘 Cybersecurity framework standard: ISO 27110 and NIST standard;

📘 Business Continuity standard: ISO 22301;

📘 IT services standard: ISO 20000-1.

Our infographic on CBB rulebook ICT resources requirements and related ISO standards

To better understand the «big picture», take a look at our infographic:

By Andrea Leonardi (VP @ Minerva Group Service, MP @ Alpemi Consulting & itSMF Switzerland board member).