Layer 1 · Risk Managers · Auditors — implementation
RBI Control Catalogue
Every control domain from MD-ITGRC 2023, numbered, in plain English with entity scope and 2023 status.
| # | Domain / Control Area | Key Requirement (Plain English) | Entity Scope | Status |
|---|---|---|---|---|
| 1 | IT Governance Structure | Board must constitute an IT Strategy Committee; CTO/CISO must have board-level reporting line; IT risk integrated into enterprise risk framework | Banks, NBFCs (asset >₹1000 Cr), UCBs | New 2023 |
| 2 | Information Security Policy | Board-approved IS policy reviewed annually; covers data classification, access control, incident response, and third-party risk | All REs | Updated 2023 |
| 3 | IT Risk Assessment | Formal IT risk assessment at least annually; results reported to Board IT Committee; risk appetite statement for IT risk defined | All REs | Updated 2023 |
Catalogue curated from MD-ITGRC 2023. Always verify against the source Master Direction at rbi.org.in before relying on a clause.