Information security
Strategy

Information Security Strategy

The bank follows and applies the highest standards of information security to maintain the confidentiality, authenticity and availability of information. This information is available in many forms, including printed matter, written on paper, saved electronically, transmitted by mail or through the use of electronic means, contained in presentations, or exchanged verbally in conversations. The bank relies heavily on computer systems to store, process and manage customer data and information.  Therefore, the bank is keen to protect it appropriately in accordance with security controls and optimal information security applications, regardless of the form it takes, or the means that are used to exchange or save it, because it is a valuable asset that must be treated as such in any form.

The bank also believes that information and data are very important and valuable assets that must be protected to ensure the provision of reliable services to customers. Therefore, the bank's management aims to protect this information and data by applying appropriate controls to the bank's systems, conducting the necessary tests for them, and monitoring them on an ongoing basis to achieve the necessary protection of important information from potential risks that may negatively affect the bank's work mechanisms or its reputation.

The bank also set goals to enhance information security to ensure that all services continue to be provided to beneficiaries in a secure manner, in line with Essential Cybersecurity Controls (ECC-1: 2018) 

Continuous improvement:

The Bank's management carries out continuous improvement of the information security management system, through which the effectiveness of security controls is maintained and improved. Key performance indicators were also developed and used to measure the effectiveness of the information security management system and its controls. The bank also conducts a review of information security management policies at least annually or when significant changes occur to ensure the suitability, efficiency, effectiveness and development of the frameworks in line with issued regulations and legislation such as Basic Cybersecurity Controls (ECC-1: 2018) .

If you have any inquiries about the information security strategy, you can contact the Department The portal via the page Communication channels.

Relevant legislation:

Electronic Transactions System  : Communications and Information Technology Commission

Cybercrime Combating System  : Communications and Information Technology Commission

Basic Cybersecurity Controls  : National Cybersecurity Authority