Name of Regulatory Compliance Audit
Regulatory Compliance Audit Based on Bank of Thailand (BOT) Announcement SNC. 1/2564 - Governance Criteria Specifying Information Technology Risks According to Laws on Payment Systems
(Audit assessment with reference to Bank of Thailand Announcement No. SNC. 1/2564 on Criteria for the Governance of Information Technology Risks under the Law on Payment Systems)
About This Audit
Information Technology (IT) now plays a crucial role in the businesses and services that enterprises operate under the laws on payment systems. IT serves as key infrastructure that helps improve efficiency, reduce operational costs and speed up operations. Inappropriate IT management directly contributes to the emergence of IT risks and cybersecurity threats, affecting customers' confidence and their trust in the payment system.
Hence, the Bank of Thailand (BOT) introduced additional regulations to govern business operators and providers of financial services under the laws on payment systems, according to SNC. 1/2564 (สนช. 1/2564). It proposes two key IT risk governance requirements: (1) Cyber hygiene and (2) IT risk management.
Type of Audit
- Audit Scope
TUV NORD Thailand's BOT IT Compliance Audit Service
TUV NORD Thailand Limited was established in 1989 as part of the TÜV NORD Group. Over the past decades, TUV NORD Thailand has accumulated extensive experience in information security, IT risk and IT-related certification, which enables us to advise our customers on the full range of information security and IT-related services and to act as experts in information security, IT risk and IT-related audits.
1. Understand the requirements of BOT announcement SNC. 1/2564 - Governance Criteria Specifying Information Technology Risks According to Laws on Payment Systems.
2. Establish the scope, objectives, and context of the organization in accordance with BOT announcement SNC. 1/2564.
3. Get management buy-in.
4. Perform IT risk assessment activities.
5. Implement controls to mitigate IT risks.
6. Organize IT risk training for relevant parties.
7. Review and update mandatory documentation according to BOT announcement SNC. 1/2564.
8. Choose a non-accredited certification body, e.g., TUV NORD Thailand, to conduct a regulatory compliance audit against BOT announcement SNC. 1/2564.
Reference
1. BOT Announcement SNC. 1/2564 - Governance Criteria Specifying Information Technology Risks According to Laws on Payment Systems
2. BOT IT Risk Management Implementation Guideline
3. BOT Third Party Risk Management Implementation Guideline