{"id":26982,"date":"2026-01-06T15:29:53","date_gmt":"2026-01-06T09:59:53","guid":{"rendered":"https:\/\/ivaluegroup.com\/en-in\/?p=26982"},"modified":"2026-01-06T15:30:07","modified_gmt":"2026-01-06T10:00:07","slug":"third-party-risk-management-for-nbfcs-under-rbi-directions-2025","status":"publish","type":"post","link":"https:\/\/ivaluegroup.com\/en-in\/resources\/blogs\/third-party-risk-management-for-nbfcs-under-rbi-directions-2025\/","title":{"rendered":"Third-Party Risk Management for NBFCs Under RBI Directions 2025"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"26982\" class=\"elementor elementor-26982\" data-elementor-post-type=\"post\">\n\t\t\t\t<div class=\"elementor-element elementor-element-5f343f2 e-flex e-con-boxed e-con e-parent\" data-id=\"5f343f2\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-e3dfe98 elementor-widget elementor-widget-heading\" data-id=\"e3dfe98\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! elementor - v3.20.0 - 26-03-2024 *\/\n.elementor-heading-title{padding:0;margin:0;line-height:1}.elementor-widget-heading .elementor-heading-title[class*=elementor-size-]>a{color:inherit;font-size:inherit;line-height:inherit}.elementor-widget-heading .elementor-heading-title.elementor-size-small{font-size:15px}.elementor-widget-heading .elementor-heading-title.elementor-size-medium{font-size:19px}.elementor-widget-heading .elementor-heading-title.elementor-size-large{font-size:29px}.elementor-widget-heading .elementor-heading-title.elementor-size-xl{font-size:39px}.elementor-widget-heading .elementor-heading-title.elementor-size-xxl{font-size:59px}<\/style><h2 class=\"elementor-heading-title elementor-size-default\">A Highly Targeted Industry With A Highly Vulnerable Supply Chain<span style=\"font-size: 2.5rem; font-style: inherit;\"><\/span><\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-3b35b91 e-flex e-con-boxed e-con e-parent\" data-id=\"3b35b91\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-b665efa elementor-widget elementor-widget-text-editor\" data-id=\"b665efa\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<style>\/*! elementor - v3.20.0 - 26-03-2024 *\/\n.elementor-widget-text-editor.elementor-drop-cap-view-stacked .elementor-drop-cap{background-color:#69727d;color:#fff}.elementor-widget-text-editor.elementor-drop-cap-view-framed .elementor-drop-cap{color:#69727d;border:3px solid;background-color:transparent}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap{margin-top:8px}.elementor-widget-text-editor:not(.elementor-drop-cap-view-default) .elementor-drop-cap-letter{width:1em;height:1em}.elementor-widget-text-editor .elementor-drop-cap{float:left;text-align:center;line-height:1;font-size:50px}.elementor-widget-text-editor .elementor-drop-cap-letter{display:inline-block}<\/style>\t\t\t\t<p><span style=\"color: #000000;\">As India\u2019s financial prowess grows in unison with its expanding role as a world superpower, the country\u2019s BFSI industry faces increased scrutiny\u2026 from customers, from regulators and from cyberattackers. In <a href=\"https:\/\/ivaluegroup.com\/en-in\/resources\/ivalue-whitepapers\/cybersecurity-data-privacy-indian-businesses\/\">DSCI<\/a>\u2019s India Cyber Threat Report 2025, BFSI comes in the Top 3 most targeted industries, making up <a href=\"https:\/\/www.quickheal.co.in\/documents\/threat-report\/india-cyber-threat-report-2025.pdf\" target=\"_blank\" rel=\"noopener\">17.38% of reported attacks.\u00a0<\/a><\/span><\/p><p><span style=\"color: #000000;\">To effectively handle sensitive financial data, many institutions have to incorporate a wide range of third-party solutions ranging from cloud storage to data processing to cybersecurity. Unfortunately, this complexity has given attackers a way in &#8211; according to <a href=\"https:\/\/securityscorecard.com\/wp-content\/uploads\/2025\/09\/India-Supply-Chain-Report_2025.pdf\" target=\"_blank\" rel=\"noopener\">India\u2019s Financial Supply Chain: Cybersecurity Threat Report 2025 by SecurityScorecard<\/a>, 95% of India\u2019s top financial institutions were linked to a third-party data breach in the past year.<\/span><\/p><p><span style=\"color: #000000;\">It has become a widespread problem, and to combat it, RBI has recently released the <a href=\"https:\/\/www.rbi.org.in\/commonman\/english\/scripts\/Notification.aspx?Id=2646\" target=\"_blank\" rel=\"noopener\">Reserve Bank Of India (Non-Banking Financial Companies &#8211; Managing Risks in Outsourcing) Directions<\/a>, 2025, with timelines coming into immediate effect for organizations under its purview.<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-c6176d5 e-flex e-con-boxed e-con e-parent\" data-id=\"c6176d5\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-3b54449 elementor-widget elementor-widget-heading\" data-id=\"3b54449\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Which Organizations + What Types Of Services Come Under These Directions?<span style=\"font-size: 1.5rem; font-style: inherit;\"><\/span><\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-38c6e93 e-flex e-con-boxed e-con e-parent\" data-id=\"38c6e93\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-8678ea4 elementor-widget elementor-widget-text-editor\" data-id=\"8678ea4\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"color: #000000;\">The exhaustive set of new regulations apply to the following categories of NBFCs:<\/span><\/p><ul><li><span style=\"color: #000000;\">NBFCs permitted to accept public deposits (NBFC-D)<\/span><\/li><li><span style=\"color: #000000;\">Investment &amp; Credit Companies (NBFC-ICC)<\/span><\/li><li><span style=\"color: #000000;\">Factoring companies (NBFC-Factor)<\/span><\/li><li><span style=\"color: #000000;\">Microfinance institutions (NBFC-MFI)<\/span><\/li><li><span style=\"color: #000000;\">NBFCs specialising in long-term infrastructure lending (NBFC-IFC)<\/span><\/li><li><span style=\"color: #000000;\">NBFCs set up specifically to refinance operational infrastructure projects (IDF-NBFC)<\/span><\/li><li><span style=\"color: #000000;\">Housing Finance Companies (HFC)<\/span><\/li><li><span style=\"color: #000000;\">Standalone Primary Dealers (SPDs)<\/span><\/li><li><span style=\"color: #000000;\">Credit Information Companies that collect, process and disseminate credit data (CICs)<\/span><\/li><li><span style=\"color: #000000;\">Digital peer-to-peer lending platforms (NBFC-P2P)<\/span><\/li><li><span style=\"color: #000000;\">Consent-based account aggregators that enable sharing of financial data (NBFC-AA)<\/span><\/li><\/ul><div><div><span style=\"color: #000000;\">If your enterprise falls under any of these categories, the following financial and IT services you\u2019ve already outsourced or plan to outsource will come under scrutiny:<\/span><\/div><\/div><div><div dir=\"ltr\" style=\"margin-left: 0pt;\" align=\"left\"><table style=\"border-collapse: collapse; table-layout: fixed; width: 468pt; border: initial none initial;\"><colgroup> <col \/> <col \/><\/colgroup><tbody><tr style=\"height: 0pt;\"><td style=\"border-width: 1pt; border-color: #000000; vertical-align: top; padding: 5pt; overflow: hidden; overflow-wrap: break-word;\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt; font-family: Montserrat, sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; white-space-collapse: preserve;\">Financial Services<\/span><\/p><\/td><td style=\"border-width: 1pt; border-color: #000000; vertical-align: top; padding: 5pt; overflow: hidden; overflow-wrap: break-word;\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 11pt; font-family: Montserrat, sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; white-space-collapse: preserve;\">IT Services<\/span><\/p><\/td><\/tr><tr style=\"height: 0pt;\"><td style=\"border-width: 1pt; border-color: #000000; vertical-align: top; padding: 5pt; overflow: hidden; overflow-wrap: break-word;\"><ul><li dir=\"ltr\" style=\"line-height: 1.2;\" role=\"presentation\"><span style=\"font-size: 10pt; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; text-wrap-mode: wrap; color: #000000;\">Application processing for loans &amp; credit cards<\/span><\/li><li dir=\"ltr\" style=\"line-height: 1.2;\" role=\"presentation\"><span style=\"font-size: 10pt; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; text-wrap-mode: wrap; color: #000000;\">Loan supervision<\/span><\/li><li dir=\"ltr\" style=\"line-height: 1.2;\" role=\"presentation\"><span style=\"font-size: 10pt; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; text-wrap-mode: wrap; color: #000000;\">Document processing<\/span><\/li><li dir=\"ltr\" style=\"line-height: 1.2;\" role=\"presentation\"><span style=\"font-size: 10pt; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; text-wrap-mode: wrap; color: #000000;\">Data processing<\/span><\/li><li dir=\"ltr\" style=\"line-height: 1.2;\" role=\"presentation\"><span style=\"font-size: 10pt; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; text-wrap-mode: wrap; color: #000000;\">Marketing &amp; research<\/span><\/li><\/ul><\/td><td style=\"border-width: 1pt; border-color: #000000; vertical-align: top; padding: 5pt; overflow: hidden; overflow-wrap: break-word;\"><ul><li dir=\"ltr\" style=\"line-height: 1.2;\" role=\"presentation\"><span style=\"font-size: 10pt; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; text-wrap-mode: wrap; color: #000000;\">IT infrastructure management (including tech associated with your payment systems)<\/span><\/li><li dir=\"ltr\" style=\"line-height: 1.2;\" role=\"presentation\"><span style=\"font-size: 10pt; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; text-wrap-mode: wrap; color: #000000;\">Network &amp; security solutions<\/span><\/li><li dir=\"ltr\" style=\"line-height: 1.2;\" role=\"presentation\"><span style=\"font-size: 10pt; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; text-wrap-mode: wrap; color: #000000;\">Cloud computing services<\/span><\/li><li dir=\"ltr\" style=\"line-height: 1.2;\" role=\"presentation\"><span style=\"font-size: 10pt; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; text-wrap-mode: wrap; color: #000000;\">Services &amp; operations related to data centres<\/span><\/li><li dir=\"ltr\" style=\"line-height: 1.2;\" role=\"presentation\"><span style=\"font-size: 10pt; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; text-wrap-mode: wrap; color: #000000;\">Other managed security services<\/span><\/li><\/ul><\/td><\/tr><\/tbody><\/table><p><span style=\"color: #000000;\">For existing outsourcing contracts for these services, transition to the new directions is allowed until April 10, 2026. For any new outsourcing projects you are about to undertake for these services, the rules come into immediate effect.<\/span><\/p><\/div><\/div>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-9eedb6a e-flex e-con-boxed e-con e-parent\" data-id=\"9eedb6a\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-72943f3 elementor-widget elementor-widget-heading\" data-id=\"72943f3\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">End-To-End Governance Of The Supply Chain Cycle<span style=\"font-size: 2.5rem; font-style: inherit;\"><\/span><\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-b1c34a3 e-flex e-con-boxed e-con e-parent\" data-id=\"b1c34a3\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-7df758e elementor-widget elementor-widget-text-editor\" data-id=\"7df758e\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"color: #000000;\">The core objective of the new RBI Directions is to mitigate risk across the entire supply chain journey your enterprise has with all its service providers:<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-d56f4fd e-flex e-con-boxed e-con e-parent\" data-id=\"d56f4fd\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-51ad4d8 elementor-widget elementor-widget-heading\" data-id=\"51ad4d8\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Due Diligence Before Selection Of Service Provider<span style=\"font-size: 1.5rem; font-style: inherit;\"><\/span><\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-2ccbf21 e-flex e-con-boxed e-con e-parent\" data-id=\"2ccbf21\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-acf493e elementor-widget elementor-widget-text-editor\" data-id=\"acf493e\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"color: #000000;\">To determine whether the service provider you are considering is right for the task at hand,\u00a0<\/span><span style=\"color: #000000; font-style: inherit; font-weight: inherit;\">RBI prescribes a thorough review of the provider in question when it comes to these following factors:<\/span><\/p><ul><li><span style=\"color: #000000;\">Past experience &amp; demonstrated competence for the task you have in mind for them<\/span><\/li><li><span style=\"color: #000000;\">Financial soundness &amp; ability to service even under adverse conditions<\/span><\/li><li><span style=\"color: #000000;\">Business reputation &amp; culture, including look-ins at complaints, potential litigation and any conflict of interest<\/span><\/li><li><span style=\"color: #000000;\">A look at the tech infrastructure stability of the provider, including data backup arrangements and disaster recovery plans<\/span><\/li><li><span style=\"color: #000000;\">Appropriate controls to ensure data protection and NBFC access to the data being used<\/span><\/li><li><span style=\"color: #000000;\">A look at independent reviews &amp; market feedback on the provider in question<\/span><\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-379d068 e-flex e-con-boxed e-con e-parent\" data-id=\"379d068\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-603bdaf elementor-widget elementor-widget-heading\" data-id=\"603bdaf\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Outsourcing Contract With Service Provider<span style=\"font-size: 1.5rem; font-style: inherit;\"><\/span><\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-da71120 e-flex e-con-boxed e-con e-parent\" data-id=\"da71120\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-f01fc92 elementor-widget elementor-widget-text-editor\" data-id=\"f01fc92\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"color: #000000;\">Once you have made the decision to go ahead with a particular service provider,\u00a0<\/span><span style=\"color: #000000; font-style: inherit; font-weight: inherit;\">a legally binding outsourcing agreement must be signed that includes but is not limited to:<\/span><\/p><ul><li><span style=\"color: #000000;\">List of all the activities being outsourced, including SLAs for service &amp; performance standards to be maintained<\/span><\/li><li><span style=\"color: #000000;\">NBFC access to all data, books, records, logs and alerts relevant to the outsourced service<\/span><\/li><li><span style=\"color: #000000;\">Details of how customer &amp; NBFC data is captured, processed &amp; stored, with compliance to IT Act &amp; <a href=\"https:\/\/ivaluegroup.com\/en-in\/resources\/blogs\/dpdp-rules-finalized-and-its-time-for-b2b-firms-to-act\/\">DPDP<\/a> when it comes to protecting customer data &amp; rights<\/span><\/li><li><span style=\"color: #000000;\">Contractual liability of service provider for performance &amp; practices of its subcontractors<\/span><\/li><li><span style=\"color: #000000;\">Adherence to storage of data only in India<\/span><\/li><li><span style=\"color: #000000;\">Type of materially adverse events (data breaches, service unavailability) required to be reported to the NBFC<\/span><\/li><li><span style=\"color: #000000;\">Watertight exit strategy that includes orderly transfer to new service provider<\/span><\/li><li><span style=\"color: #000000;\">Compliance with RBI when it comes to new directions and potential inspections<\/span><\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-fe35e36 e-flex e-con-boxed e-con e-parent\" data-id=\"fe35e36\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-8476398 elementor-widget elementor-widget-heading\" data-id=\"8476398\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Monitoring &amp; Control Of Outsourced Activities<span style=\"font-size: 1.5rem; font-style: inherit;\"><\/span><\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-d7c0e72 e-flex e-con-boxed e-con e-parent\" data-id=\"d7c0e72\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-b8cbad5 elementor-widget elementor-widget-text-editor\" data-id=\"b8cbad5\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"color: #000000;\">While the provider continues their activities, it is important to note that you as the NBFC are responsible for the confidentiality, integrity, preservation and protection of the information and customer data available to the service provider. This includes setting up perpetual processes on your part throughout the entire duration of the contract:<\/span><\/p><ul><li><span style=\"color: #000000;\">Monitoring of performance, uptime of systems &amp; resources, adherence to SLAs<\/span><\/li><li><span style=\"color: #000000;\">Regular audits that review security &amp; compliance processes of the service provider, with emphasis on incident response and testing of business continuity<\/span><\/li><li><span style=\"color: #000000;\">Ensuring that access to customer data by the service provider is strictly on a \u2018need to know\u2019 basis<\/span><\/li><li><span style=\"color: #000000;\">If the service provider serves multiple entities, the NBFC must build strong safeguards to ensure no co-mingling or combining of assets<\/span><\/li><li><span style=\"color: #000000;\">When two or more service providers collaborate to create an end-to-end solution, the NBFC must monitor the control environments of all the providers involved<\/span><\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-71f59b2 e-flex e-con-boxed e-con e-parent\" data-id=\"71f59b2\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-2974826 elementor-widget elementor-widget-heading\" data-id=\"2974826\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Incident Management In The Case Of Third-Party Breach<span style=\"font-size: 1.5rem; font-style: inherit;\"><\/span><\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-d613a75 e-flex e-con-boxed e-con e-parent\" data-id=\"d613a75\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-48bc359 elementor-widget elementor-widget-text-editor\" data-id=\"48bc359\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"color: #000000;\">Even with all the safeguards set in place, a breach can always occur in this heightened attack landscape. In that case, a strict reporting timeline has to be maintained to mitigate damage:<\/span><\/p><ul><li><span style=\"color: #000000;\">Service provider must immediately inform the NBFC once a breach has been detected The NBFC must report the incident to the RBI within 6 hours of detection by service provider <\/span><\/li><li><span style=\"color: #000000;\">Both must adhere to subsequent regulations by RBI while attempting to return operations back to normal as soon as possible<\/span><\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-cdd00ed e-flex e-con-boxed e-con e-parent\" data-id=\"cdd00ed\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-32d9d34 elementor-widget elementor-widget-heading\" data-id=\"32d9d34\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Business Continuity &amp; Exit Strategy<span style=\"font-size: 1.5rem; font-style: inherit;\"><\/span><\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-e80f580 e-flex e-con-boxed e-con e-parent\" data-id=\"e80f580\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-2087a82 elementor-widget elementor-widget-text-editor\" data-id=\"2087a82\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"color: #000000;\">A regularly tested, robust framework for business continuity &amp; recovery must be maintained in cases of breaches and termination of service contract:<\/span><\/p><ul><li><span style=\"color: #000000;\">In the <b>case of a breach<\/b>, viable contingency plans like reverting to backups, bringing activity back in-house or isolating NBFC records must be swiftly implemented.<\/span><\/li><li><span style=\"color: #000000;\">In the <b>case of contract termination<\/b>, a clear exit strategy must be formed that includes elements like smooth transition and prohibition of the service provider to erase, purge, revoke or alter data during the transition period.<\/span><\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-f2a406d e-flex e-con-boxed e-con e-parent\" data-id=\"f2a406d\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-02001c1 elementor-widget elementor-widget-heading\" data-id=\"02001c1\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Additional Directions For Specific Outsourcing Arrangements<span style=\"font-size: 2.5rem; font-style: inherit;\"><\/span><\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-3324692 e-flex e-con-boxed e-con e-parent\" data-id=\"3324692\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-1510c90 elementor-widget elementor-widget-text-editor\" data-id=\"1510c90\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"color: #000000;\">In addition to the aforementioned requirements when it comes to service providers, RBI prescribes additional rules for specific cases:<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-d6b3c83 e-flex e-con-boxed e-con e-parent\" data-id=\"d6b3c83\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-cabd778 elementor-widget elementor-widget-heading\" data-id=\"cabd778\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Offshore Service Providers<span style=\"font-size: 1.5rem; font-style: inherit;\"><\/span><\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-7e9999d e-flex e-con-boxed e-con e-parent\" data-id=\"7e9999d\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-4ffe6ed elementor-widget elementor-widget-text-editor\" data-id=\"4ffe6ed\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"color: #000000;\">If your enterprise goes with a service provider operating beyond Indian borders, special consideration has to be given to the following factors:<\/span><\/p><ul><li><span style=\"color: #000000;\">Data localization of originals and processing only in Indian servers<\/span><\/li><li><span style=\"color: #000000;\">Management of precautionary measures related to the country &amp; jurisdictional risk of the provider<\/span><\/li><li><span style=\"color: #000000;\">Availability of records to both the NBFC and RBI at all times<\/span><\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-799fb19 e-flex e-con-boxed e-con e-parent\" data-id=\"799fb19\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-c8beac9 elementor-widget elementor-widget-heading\" data-id=\"c8beac9\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Outsourcing Of SOC Services<\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-5631803 e-flex e-con-boxed e-con e-parent\" data-id=\"5631803\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-ebac8c7 elementor-widget elementor-widget-text-editor\" data-id=\"ebac8c7\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"color: #000000;\">Should you decide to go with a service provider for your Security Operations Centre, like iValue\u2019s industry-leading, <a href=\"https:\/\/ivaluegroup.com\/en-in\/services\/enterprise-security-management-esm\/\">24&#215;7 SOC,<\/a> the following must be ensured on your part:<\/span><\/p><ul><li><span style=\"color: #000000;\">Identification of asset owners used in providing the service (systems, software, source code, etc.)<\/span><\/li><li><span style=\"color: #000000;\">Adequate oversight &amp; ownership over rule definition and customisation along with related data, logs, metadata &amp; analytics<\/span><\/li><li><span style=\"color: #000000;\">Assessment of SOC functioning when it comes to handling alerts of events<\/span><\/li><li><span style=\"color: #000000;\">Full integration of SOC reporting &amp; escalation process with previously mentioned RBI timelines<\/span><\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-b951013 e-flex e-con-boxed e-con e-parent\" data-id=\"b951013\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-f9ff983 elementor-widget elementor-widget-heading\" data-id=\"f9ff983\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">Outsourcing Of Cloud Services<span style=\"font-size: 1.5rem; font-style: inherit;\"><\/span><\/h4>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-6d7c022 e-flex e-con-boxed e-con e-parent\" data-id=\"6d7c022\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-5032f57 elementor-widget elementor-widget-text-editor\" data-id=\"5032f57\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"color: #000000;\">For all cloud-based IaaS, PaaS and SaaS related services you are planning to outsource, additional oversight must be placed on all these security measures because of the increasing prevalence of cloud-based attacks:<\/span><\/p><ul><li><span style=\"color: #000000;\"><strong>Container Security:<\/strong> A standard set of tools &amp; processes must be maintained to manage containers, images and releases, with encryption keys and HSMs under the control of the NBFC.<\/span><\/li><li><span style=\"color: #000000;\"><strong>Multi-Tenancy Management:<\/strong> Since public and hybrid clouds deal with multiple clients, you must set up protective safeguards against co-mingling of data.<\/span><\/li><li><span style=\"color: #000000;\"><strong>Stringent Access Controls:<\/strong> Role-based least privilege access policies that implement segregation of duties must be maintained at all times, with strong <a href=\"https:\/\/ivaluegroup.com\/en-in\/resources\/ivalue-whitepapers\/best-practices-for-phishing-resistant-mfa-in-apac-critical-infrastructure\/\">MFA<\/a> as a means of authentication. Best practices prescribed by RBI involve adherence to <a href=\"https:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-210.pdf\" target=\"_blank\" rel=\"noopener\">NIST SP 800-210 General Access Control Guidance For Cloud Systems.<\/a><\/span><\/li><li><span style=\"color: #000000;\"><strong>Threat-Intelligent Monitoring:<\/strong> In addition to integrating logs and events from your CSP into your SOC, you must continuously test exposures to vulnerabilities &amp; threats based on the latest threat intelligence.<\/span><\/li><\/ul>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-b021b18 e-flex e-con-boxed e-con e-parent\" data-id=\"b021b18\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-1d686b5 elementor-widget elementor-widget-heading\" data-id=\"1d686b5\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">A Concerted, Enterprise-Wide Push To Ensure Directions Are Met<span style=\"font-size: 2.5rem; font-style: inherit;\"><\/span><\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-40b6512 e-flex e-con-boxed e-con e-parent\" data-id=\"40b6512\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-3643417 elementor-widget elementor-widget-text-editor\" data-id=\"3643417\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"color: #000000;\">Considering all the processes your enterprise has to start building from the ground up to adhere to these directions, RBI also provides roles &amp; responsibilities starting from the top level and filtering down to your IT teams:<\/span><\/p><div><div dir=\"ltr\" style=\"margin-left: 0pt;\" align=\"left\"><table style=\"border-collapse: collapse; border: initial none initial;\"><colgroup><col width=\"188\" \/><col width=\"203\" \/><col width=\"182\" \/><\/colgroup><tbody><tr style=\"height: 0pt;\"><td style=\"border-width: 1pt; border-color: #000000; vertical-align: top; padding: 5pt; overflow: hidden; overflow-wrap: break-word;\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 10pt; font-family: Montserrat, sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; white-space-collapse: preserve;\">Board<\/span><\/p><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 10pt; font-family: Montserrat, sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-style: italic; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; white-space-collapse: preserve;\">(For Ultimate Accountability)<\/span><\/p><\/td><td style=\"border-width: 1pt; border-color: #000000; vertical-align: top; padding: 5pt; overflow: hidden; overflow-wrap: break-word;\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 10pt; font-family: Montserrat, sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; white-space-collapse: preserve;\">Senior Management<\/span><\/p><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 10pt; font-family: Montserrat, sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-style: italic; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; white-space-collapse: preserve;\">(For Execution &amp; Control)<\/span><\/p><\/td><td style=\"border-width: 1pt; border-color: #000000; vertical-align: top; padding: 5pt; overflow: hidden; overflow-wrap: break-word;\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 10pt; font-family: Montserrat, sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; white-space-collapse: preserve;\">IT Function<\/span><\/p><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 10pt; font-family: Montserrat, sans-serif; color: #000000; background-color: transparent; font-weight: bold; font-style: italic; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; white-space-collapse: preserve;\">(For Operational Assurance)<\/span><\/p><\/td><\/tr><tr style=\"height: 0pt;\"><td style=\"border-width: 1pt; border-color: #000000; vertical-align: top; padding: 5pt; overflow: hidden; overflow-wrap: break-word;\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 10pt; font-family: Montserrat, sans-serif; color: #000000; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; white-space-collapse: preserve;\">Sets overall risk appetite for outsourcing<\/span><\/p><\/td><td style=\"border-width: 1pt; border-color: #000000; vertical-align: top; padding: 5pt; overflow: hidden; overflow-wrap: break-word;\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 10pt; font-family: Montserrat, sans-serif; color: #000000; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; white-space-collapse: preserve;\">Translates risk appetite into policies &amp; procedures<\/span><\/p><\/td><td style=\"border-width: 1pt; border-color: #000000; vertical-align: top; padding: 5pt; overflow: hidden; overflow-wrap: break-word;\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 10pt; font-family: Montserrat, sans-serif; color: #000000; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; white-space-collapse: preserve;\">Identifies and assesses outsourcing risks<\/span><\/p><\/td><\/tr><tr style=\"height: 0pt;\"><td style=\"border-width: 1pt; border-color: #000000; vertical-align: top; padding: 5pt; overflow: hidden; overflow-wrap: break-word;\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 10pt; font-family: Montserrat, sans-serif; color: #000000; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; white-space-collapse: preserve;\">Approves outsourcing policy &amp; materiality criteria<\/span><\/p><\/td><td style=\"border-width: 1pt; border-color: #000000; vertical-align: top; padding: 5pt; overflow: hidden; overflow-wrap: break-word;\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 10pt; font-family: Montserrat, sans-serif; color: #000000; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; white-space-collapse: preserve;\">Evaluates all proposed &amp; existing outsourcing arrangements<\/span><\/p><\/td><td style=\"border-width: 1pt; border-color: #000000; vertical-align: top; padding: 5pt; overflow: hidden; overflow-wrap: break-word;\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 10pt; font-family: Montserrat, sans-serif; color: #000000; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; white-space-collapse: preserve;\">Classifies vendors by risk &amp; criticality, with central inventory of supply chains<\/span><\/p><\/td><\/tr><tr style=\"height: 0pt;\"><td style=\"border-width: 1pt; border-color: #000000; vertical-align: top; padding: 5pt; overflow: hidden; overflow-wrap: break-word;\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 10pt; font-family: Montserrat, sans-serif; color: #000000; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; white-space-collapse: preserve;\">Decides which activities are outsourced to what vendor<\/span><\/p><\/td><td style=\"border-width: 1pt; border-color: #000000; vertical-align: top; padding: 5pt; overflow: hidden; overflow-wrap: break-word;\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 10pt; font-family: Montserrat, sans-serif; color: #000000; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; white-space-collapse: preserve;\">Oversees vendor performance &amp; risk on an ongoing basis\u00a0<\/span><\/p><\/td><td style=\"border-width: 1pt; border-color: #000000; vertical-align: top; padding: 5pt; overflow: hidden; overflow-wrap: break-word;\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 10pt; font-family: Montserrat, sans-serif; color: #000000; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; white-space-collapse: preserve;\">Monitors SLAs, uptime and security controls<\/span><\/p><\/td><\/tr><tr style=\"height: 0pt;\"><td style=\"border-width: 1pt; border-color: #000000; vertical-align: top; padding: 5pt; overflow: hidden; overflow-wrap: break-word;\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 10pt; font-family: Montserrat, sans-serif; color: #000000; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; white-space-collapse: preserve;\">Reviews major incidents, breaches and control failures<\/span><\/p><\/td><td style=\"border-width: 1pt; border-color: #000000; vertical-align: top; padding: 5pt; overflow: hidden; overflow-wrap: break-word;\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 10pt; font-family: Montserrat, sans-serif; color: #000000; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; white-space-collapse: preserve;\">Ensures cyber incidents are escalated and reported on time<\/span><\/p><\/td><td style=\"border-width: 1pt; border-color: #000000; vertical-align: top; padding: 5pt; overflow: hidden; overflow-wrap: break-word;\"><p dir=\"ltr\" style=\"line-height: 1.2; text-align: center; margin-top: 0pt; margin-bottom: 0pt;\"><span style=\"font-size: 10pt; font-family: Montserrat, sans-serif; color: #000000; background-color: transparent; font-variant-numeric: normal; font-variant-east-asian: normal; font-variant-alternates: normal; font-variant-position: normal; font-variant-emoji: normal; vertical-align: baseline; white-space-collapse: preserve;\">Detects incidents &amp; triggers escalations<\/span><\/p><\/td><\/tr><\/tbody><\/table><\/div><\/div>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-fc13c2c e-flex e-con-boxed e-con e-parent\" data-id=\"fc13c2c\" data-element_type=\"container\" data-core-v316-plus=\"true\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-46cb282 elementor-widget elementor-widget-text-editor\" data-id=\"46cb282\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p><span style=\"color: #000000;\">Now, the question is: where does iValue fit into all of this? In addition to being a service provider for a wide variety of cutting-edge data security services that completely adhere to these directions, iValue is also a compliance partner for all enterprises looking to streamline implementation to all the regulations that apply to them (including all RBI and DPDP requirements). Our industry-renowned supply chain management services mix local expertise and leading automation to ensure 100% compliance at all times, so that your business can focus on what it does best.<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>A Highly Targeted Industry With A Highly Vulnerable Supply Chain As India\u2019s financial prowess grows in unison with its expanding role as a world superpower, the country\u2019s BFSI industry faces increased scrutiny\u2026 from customers, from regulators and from cyberattackers. In DSCI\u2019s India Cyber Threat Report 2025, BFSI comes in the Top 3 most targeted industries, &hellip;<\/p>\n<p class=\"read-more\"> <a class=\"\" href=\"https:\/\/ivaluegroup.com\/en-in\/resources\/blogs\/third-party-risk-management-for-nbfcs-under-rbi-directions-2025\/\"> <span class=\"screen-reader-text\">Third-Party Risk Management for NBFCs Under RBI Directions 2025<\/span> Read More \u00bb<\/a><\/p>\n","protected":false},"author":1,"featured_media":26987,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"default","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","footnotes":"","_links_to":"","_links_to_target":""},"categories":[131],"tags":[522,200,643,642,256,514,644,645],"whitepapers":[],"case_studies":[],"acf":[],"_links":{"self":[{"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/posts\/26982"}],"collection":[{"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/comments?post=26982"}],"version-history":[{"count":5,"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/posts\/26982\/revisions"}],"predecessor-version":[{"id":26988,"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/posts\/26982\/revisions\/26988"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/media\/26987"}],"wp:attachment":[{"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/media?parent=26982"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/categories?post=26982"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/tags?post=26982"},{"taxonomy":"whitepapers","embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/whitepapers?post=26982"},{"taxonomy":"case_studies","embeddable":true,"href":"https:\/\/ivaluegroup.com\/en-in\/wp-json\/wp\/v2\/case_studies?post=26982"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}