The Financial Services Authority (OJK) in Indonesia has issued a regulatory guideline, OJK Circular Letter No. 29/SEOJK.03/2022, on Cyber Security and Resilience for Commercial Banks. This circular letter aims to strengthen the cybersecurity and resilience of commercial banks in Indonesia and to ensure that they are adequately prepared to deal with cyber threats.
Under this circular letter, commercial banks in Indonesia are required to establish and implement a comprehensive cybersecurity and resilience policy that covers risk assessment, monitoring, and reporting, as well as incident response planning and testing. The circular letter also mandates that commercial banks must conduct regular vulnerability assessments, penetration testing, and security audits, and to establish a dedicated cybersecurity team or unit to oversee these activities.
Compared to previous regulations, OJK Circular Letter No. 29/SEOJK.03/2022 introduces several new requirements and expectations for commercial banks in Indonesia. Here are some of the notable changes and updates:
Overall, OJK Circular Letter No. 29/SEOJK.03/2022 introduces more specific and comprehensive requirements for commercial banks in Indonesia to improve their cybersecurity and resilience capabilities. It demonstrates OJK's commitment to promoting a secure and resilient digital ecosystem for financial services in the country.
At Spentera, we offer a range of services that can help commercial banks meet these requirements and protect themselves against cyber threats. Our services include:
Cyber Security Compliance Services
In the information security chain, people are often the weakest link. While there is no fixed method for people assessment testing, we use a baseline testing that includes.