Guidelines on information and communication technology security and governance

The objective of these Guidelines is to:

1. provide clarification and transparency to market participants on the minimum expected information and cyber security capabilities, i.e. security baseline;
2. avoid potential regulatory arbitrage;
3. foster supervisory convergence regarding the expectations and processes applicable in relation to ICT security and governance as a key to proper ICT and security risk management.