EC No. 157/DoS-36/2023
17 July 2023
Ref. No. NB. DoS. Policy/894/J-1/ 2023-24
The Chairman
All Regional Rural Banks
The Managing Director/ Chief Executive Officer
All State Cooperative Banks
All District Central Cooperative Banks
Madam /Dear Sir
Cyber Security Related Returns- Certification by Internal Audit Head
Supervised Entities (SEs) are required to submit periodical returns to CSITE Cell, NABARD which includes Half-yearly returns on Vulnerability Index on Cyber Security (CS-01), Level of Exposure and Level of Compliance (CS-02) and Yearly return on Storage of Payment System Data. On a review it has been observed that the responses for the aforesaid returns are inconsistent.
2. In order to ensure accuracy and consistency, SEs are advised to submit the returns certified by the Head of Internal Audit once every year as indicated in the table below:
| Return Name |
Periodicity |
Applicability |
Response to be certified for the period |
Submission Timeline |
| Vulnerability Index on Cyber Security (CS-01) |
Half-yearly |
RRBs, StCBs and DCCBs |
Every half year ending September |
October 31 |
| Level of Exposure and Level of Compliance (CS-02) |
Half-yearly |
RRBs, StCBs and DCCBs |
Every half year ending September |
October 31 |
| Storage of Payment System Data |
Yearly |
RRBs, StCBs and DCCBs |
Every year ending March |
April 30 |
3. SEs shall note to take due care to ensure accuracy of returns and the Internal Audit Head will be personally held accountable for the accuracy of the submissions, ibid.
4. Please acknowledge the receipt to the concerned Regional Office.
Yours faithfully
Sd/-
(Prabhat Keshava)
General Manager