https://www.polity.org.za
Deepening Democracy through Access to Information
Financial Sector Regulation and the Prudential Authority published Joint Standard 2 of 2024 on cybersecurity and cyber resilience requirements


23rd May 2024


The Joint Standard 2 of 2024 (Joint Standard) applies to all financial institutions as defined in the Joint Standard. It sets out the requirements for sound practices and processes relating to cybersecurity and cyber resilience for financial institutions.

The Joint Standard is expected to commence on 1 June 2025.


The FSCA and PA will formally publish the effective date by publishing a notice on their websites.

The Joint Standard requires financial institutions to:

  • Mitigate and cater for any risks relating to cybersecurity and cyber resilience from juristic persons structured under a bank, the insurer, or the insurance group when applying the requirements of the Joint Standard.
  • Notify the responsible authority of cyber incidents or information security compromises they classify as a material incident. The specific format and manner for reporting these incidents are yet to be determined.
  • Establish and maintain a regularly reviewed cybersecurity strategy to manage cyber risks and address changes in the cyber threat landscape. 
  • Identify business processes and information assets that support business and the delivery of services, conduct risk assessments on its critical operations and information assets and maintain an inventory of all its information assets. Implement appropriate and effective cybersecurity practices to prevent the impact of potential cyber incidents. 
  • Ensure that access to information is limited to authorised users and devices only. Develop data loss prevention policies and measures to prevent and detect unauthorised use of sensitive data and information. Implement a cybersecurity awareness programme to maintain a high level of awareness among all users.
  • Maintain effective cyber resilience capabilities to monitor, detect, respond and recover from cyberattacks on IT systems. Establish a data backup strategy to ensure that any sensitive information stored in the backup media is secured. 
  • Regularly test all elements of its cyber resilience capacity and security controls to assess vulnerabilities and determine its overall effectiveness. 
  • Establish a regularly reviewed access control policy and process to enforce strong password security controls for users to access IT systems and information assets. Secure administrative accounts and grant privileged access only when necessary.
  • Implement multi-factor authentication for all users with access to critical system functions, including user accounts utilised to access applications containing sensitive information. Protect the network from unauthorised access and disruption through the implementation of security controls at its network perimeter.
  • Test and apply security patches to address vulnerabilities in IT assets. Maintain written security standards for hardware and software configurations to minimise exposure to cyber threats. Implement endpoint protection to prevent malware infection.

The Joint Standard strengthens the financial sector's cyber defences. Financial institutions have one year to comply, requiring proactive measures for a smooth transition and a more secure future.

 

Written by Gabi Richards-Smith, Partner, Mateen Memon, Associate, and Malibongwe Zwane, Candidate Attorney, from Webber Wentzel
