תקן אבטחת מידע
ISO 27001
Auditor's report to the Securities Authority
The Financial Information Services Law enacted in November 2021 authorized the Securities Authority to grant licenses to provide financial information services to corporations that meet the requirements set forth in the law, and to supervise the holder of said licenses in accordance with the principles established by the law. The law regulates in legislation the field of open banking in Israel.
In order to obtain a license from the Securities Authority, you must fill out an application and attach a list of documents that include, among other things, an opinion from an information systems auditor that must meet the following conditions:
2. The applicant undertakes to keep all the documents used to prepare the auditor's opinion for a period not less than three years from the date of the opinion
1. An auditor's opinion will be according to accepted rules, regarding the fulfillment of the requirements listed in the instruction concerning the protection of information and cyber, including the requirements according to chapters 5 to 7 of the instruction, the adequacy of the applicant's information systems, the online channel systems, the applicant's security measures and compliance with standards Internationally accepted information security or according to the latest defense theory, published by the National Cyber System.
A reviewer is someone who meets all of these:
1. An individual resident of Israel.
2. Has at least three years of experience in performing technological audits.
3. The auditor or the corporation in which he works or is a partner, does not have a conflict of interest or dependency in connection with the opinion, with the exception of receiving a fee for preparing the opinion from the applicant.
4. Holder of an academic degree related to the matter, from a higher education institution in Israel recognized by the Higher Education Council.
5. Has a certification in information systems auditing or information systems security that is one of these certifications or similar to it: CISA; CRISC; or a certified accountant in Israel specializing in information systems.
6. Confirmation that the person in charge of information security and cyber protection at the applicant, as stated in section 30(c) of the directive, meets the conditions set forth in section 32 of the directive.
7. Details regarding how the applicant's online channels and databases are stored.
8. If the applicant for the license had a certification related to the matter in the field of information security, such as compliance with recognized information security standards, he shall attach a certificate to that effect to his request.
The steps of the process
1. A review of the information security procedures that exist in the organization, and their adaptation to the types of systems and technological infrastructures that exist and the production of a report.
2. Examining the existing information security policy and identifying points for improvement and preservation and incorporating existing measures in order to optimize the information security system.
3. Examination of the existing databases in the organization and their adaptation to the relevant legal requirements.
4. Examining the awareness of the human factor in the organization through an employee awareness survey. Familiarity with cyber risks and network threats will be a great improvement in the protection of corporate information.
5. Comprehensive testing of all endpoints and servers in the organization.