Skip to Content
Whole SectionText only Print Print Manager Link


In case the licensees use cloud services, they must seek the CBB's prior approval and ensure that, at a minimum, the following security measures are in place:

(a) Customer information must be encrypted and that all encryption keys or similar forms of authentication are kept secure within the licensee's control;
(b) A secure audit trail must be maintained for all actions performed at the cloud services outsourcing provider;
(c) A comprehensive change management procedure must be developed to account for future changes to technology with adequate testing of such changes;
(d) The licensee's data must be logically segregated from other entities data at the outsourcing service provider's platform;
(e) The cloud service provider must provide information on measures taken at its platform to ensure adequate information security, data security and confidentiality, including but not limited to forms of protection available against unauthorized access and incident management process in cases of data breach or data loss; and
(f) The right to release customer information/data in case of foreign government/court orders must be the sole responsibility of the licensee, subject to the CBB Law.
Added: December 2018
(1 Version)
Dec 1 2018 onwards
Back to top