Hi Dejan
*** is progressing with its Electronic Money Institution (EMI) licence with the Central Bank of YYYY.
Below is a query received from the Institution:
13.1(h) A detailed risk assessment in relation to its payment services, including fraud:
a. Please provide verification of the progress of the gap analysis the firm is undertaking against ISO 27001.
Would you be able to advise whether, if we conduct a risk assessment specifically of payment services to ID the gaps, this may suffice for the Institution? Or is there another process we could do?
From the provided requirement, a risk assessment covering specifically the payment services is enough to fulfill it. Depending upon where this process is performed, you may also consider risks related to supplier management (e.g., the payment process is performed using a cloud service provider).
For further information, see:
- ISO 27001 Risk Assessment, Treatment, & Management: The Complete Guide https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/
Jan 20, 2023