Information technology guidelines
In the process of software development, a lot of software fails due to technical errors. This act guides B&FIs in preventing such errors. To prevent potential errors, the following points should be taken care of:
Points that should be taken care of
Users' functional requirements, security requirements, performance requirements and technical specifications should be approved by the appropriate level of management.
Information security requirements should be incorporated at an early stage of the software development lifecycle.
Security requirements related to access control, authentication, transaction authorization, system activity logging, audit trail, data integrity, security event tracking, etc. should be incorporated along with the business requirements.
All systems should have an audit trail detailed enough to be used as forensic evidence, and the audit trail should meet, inter alia, regulatory and legal requirements.
Banks are encouraged to conduct source code review of an application with the objective of finding loopholes and defects in the software caused by poor programming practice.
All the vulnerabilities, loopholes and defects found in the software should be fixed before the system is implemented.
Taking care of the above-mentioned points ensures that all vulnerabilities, loopholes and defects are prevented before the developed software is issued; as a result, BFIs will not have to face any possible financial or non-financial losses.