The final part of protection necessary against technology risks is data protection.
The operational risk manager should ask the following key control questions for
assessing the data protection the firm has against technology risk:
Ω What are the data retention policies? Is there any legislation that must be
followed?
Ω What is the data classification system (levels of physical access, restriction,
classified, data sensitivity, review procedure, periodic verification of classified
data)?
Hiç yorum yok:
Yorum Gönder