BackText onlyPrint

You need the Flash plugin.

Download Macromedia Flash Player

Location: Central Bank of Bahrain Volume 5—Specialised Licensees > Specific Modules (By Type of Licensee) > Type 7: Ancillary Service Providers > Part A > High Level Standards > GR Ancillary Service Providers General Requirements Module > GR-11 Outsourcing > Use of Cloud > GR-11.1.21
  • Use of Cloud

    • GR-11.1.21

      In case the licensees use cloud services, they must seek the CBB's prior approval and ensure that, at a minimum, the following security measures are in place:

      (a) Customer information must be encrypted and that all encryption keys or similar forms of authentication are kept secure within the licensee's control;
      (b) A secure audit trail must be maintained for all actions performed at the cloud services outsourcing provider;
      (c) A comprehensive change management procedure must be developed to account for future changes to technology with adequate testing of such changes;
      (d) The licensee's data must be logically segregated from other entities data at the outsourcing service provider's platform;
      (e) The cloud service provider must provide information on measures taken at its platform to ensure adequate information security, data security and confidentiality, including but not limited to forms of protection available against unauthorized access and incident management process in cases of data breach or data loss; and
      (f) The right to release customer information/data in case of foreign government/court orders must be the sole responsibility of the licensee, subject to the CBB Law.
      Added: December 2018

Back to top