The Standard for Financial Service Providers
What is ISO 13569?
ISO/TR 13569 is an international standard published in 2005. It was developed by Technical Committee ISO/TC 68, an institution established by the International Organization for Standardization (ISO). Its official title is "Financial services — Information security guidelines". ISO 13569 is not formally part of the ISO 27000 series of standards, but closely linked to it as far as content is concerned. It contains guidelines for the development of an information security programme for financial service providers and may thus be regarded as an industry-specific ISO 27001 version. With ISO 13569, banks and other financial companies have gained the opportunity to establish a required minimum of information security in order to ensure the confidentiality, availability, and integrity of the data processed.
Financial-Specific Threats and Vulnerabilities
The introduction of computer and network-based technologies has resulted in major changes to the processes within the financial sector. Every day, huge amounts of money are transferred by electronic means. These developments require increased system interconnection, leaving both service providers and clients vulnerable to more and more sophisticated attacks. These risks require extensive security measures to protect the financial values, but also the personal data collected, stored, and processed by providers.
ISO 13569: Topics and Content
Taking the financial-specific threats and vulnerabilities into account, ISO 13569 covers the following topics:
- Corporate security policy
- Information security programme
- Risk analysis and assessment
- Selection and implementation of general and industry-specific security measures
- Operation, maintenance and monitoring
- Security incident handling
ISO 13569 in Your Organisation
Are you interested in implementing ISO 13569 in your organisation? Please refer to our overview to find out which similar standards from the ISO 27000 series are relevant for you. Our project procedure describes how plan42 supports you during implementation. Do you have any further questions? Please feel free to contact us.