FCG 5.3 Further guidance

FCG 5.3.1

FCTR contains the following additional material on data security:

  1. FCTR 6 summarises the findings of the FSA’s thematic review of Data security in Financial Services and includes guidance on:

    1. Governance (FCTR 6.3.1G)

    2. Training and awareness (FCTR 6.3.2G)

    3. Staff recruitment and vetting (FCTR 6.3.3G)

    4. Controls – access rights (FCTR 6.3.4G)

    5. Controls – passwords and user accounts (FCTR 6.3.5G)

    6. Controls – monitoring access to customer data (FCTR 6.3.6G)

    7. Controls – data back-up (FCTR 6.3.7G)

    8. Controls – access to the internet and email (FCTR 6.3.8G)

    9. Controls – key-logging devices (FCTR 6.3.9G)

    10. Controls – laptop (FCTR 6.3.10G)

    11. Controls – portable media including USB devices and CDs (FCTR 6.3.11G)

    12. Physical security (FCTR 6.3.12G)

    13. Disposal of customer data (FCTR 6.3.13G)

    14. Managing third party suppliers (FCTR 6.3.14G)

    15. Internal audit and compliance monitoring (FCTR 6.3.15G)

  2. FCTR 10 summarises the findings of the Small Firms Financial Crime Review, and contains guidance directed at small firms on:

    1. Records (FCTR 10.3.5G)

    2. Responsibilities and risk assessments (FCTR 10.3.7G)

    3. Access to systems (FCTR 10.3.8G)

    4. Outsourcing (FCTR 10.3.9G)

    5. Physical controls (FCTR 10.3.10G)

    6. Data disposal (FCTR 10.3.11G)

    7. Data compromise incidents (FCTR 10.3.12G)