GENERAL CYBER & INFORMATION SECURITY POLICY 

1. INTRODUCTION 

1.1 Information and information assets are vital resources for GCB Bank and must be safeguarded by putting in place suitable controls to lower the risks associated with using them.

1.2 This document also demonstrates Management's commitment to creating a transparent security policy and its dedication to putting GCB Bank's Information Security Management System into place and keeping it up to date through continuous improvement.

2. PURPOSE

2.1 The objective of this policy is to offer guidelines for safeguarding the information and information assets of GCB Bank, as well as those of its clients and suppliers, against internal and external threats.

3. SCOPE OF ISMS

3.1 The GCB Information Security Management System (ISMS) covers the operations, processes, information assets, and people of the bank.

4. INFORMATION SECURITY OBJECTIVES

4.1 To safeguard the information and system assets of GCB Bank, ensuring the confidentiality, integrity, and availability of the bank's data and thereby protecting its reputation.

4.2 To adhere to relevant laws, regulations, directives, and industry standards.

4.3 To strengthen the security culture among employees, customers, and other stakeholders through ongoing cybersecurity and awareness initiatives.

4.4 To boost our competitive edge by securely facilitating and advancing new products and services.

4.5 To align with and support the business strategy and goals of GCB Bank PLC.

5. POLICY STATEMENTS 

5.1 GCB Bank is dedicated to adhering to multiple information security standards, including ISO/IEC 27001:2022, ISO/IEC 20000:2018, ISO/IEC 23301:2019, the Payment Card Industry Data Security Standard (PCI DSS v4.0), and SWIFT CSP (Customer Security Programme), in order to safeguard data regardless of its processing or storage location. This policy is applicable to all other pertinent local legislation, including the Electronic Transaction Act of 2008 (Act 772) and the Cyber Security Act 2020 (Act 1038) and the Data Protection Act 2012 (Act 843). 

5.2 In order to protect GCB Bank's data, all employees are required to abide by this policy as well as any associated guidelines or regulations.

5.3 This document is approved by Executive Management and the Board of GCB Bank and shall be published and communicated in an appropriate manner to all stakeholders of GCB Bank.

6. APPLICABILITY 

6.1 This policy applies to all GCB Bank staff, systems, and related parties with a relationship with GCB Bank, and to any entity processing data on behalf of GCB Bank.

7. REFERENCE DOCUMENTS (International Standards, Local Laws) 

  1. ISO/IEC 27001:2022 standard
  2. PCI DSS v4.0 standard
  3. ISO/IEC 20000:2018 standard
  4. Cyber Security Act, 2020 (Act 1038)
  5. Electronic Transaction Act, 2008 (Act 772)
  6. Data Protection Act, 2012 (Act 843)
  7. Banks and Specialized Deposit-Taking Institutions Act, 2016 (Act 930)
  8. BoG Cyber and Information Security Directive (October 2018)