Our Cybersecurity Programme

OUR APPROACH
We adopt a whole-of-organisation approach to effectively manage cyber risk and attain cyber resilience. This approach encompasses the following:
Review

Undertake proactive assessments and periodic revisions of our information security and digital (i.e. cyber and technology) risk framework, policies and standards, taking into account the dynamically evolving risk landscape and increasing regulatory requirements.
Transform

Strengthen our preventive, detective and responsive capabilities.

This includes the deployment of advanced security tools and solutions to enhance the collection and analysis of security logs, thereby improving our ability to detect and respond to potential anomalies.

React

Conduct routine vulnerability assessments and penetration tests of the Bank’s IT systems to identify and remediate security gaps.

Furthermore, we regularly engage in cyber-related tabletop exercises, adversarial attack simulation exercises (known as Red Teaming) and disaster recovery drills to validate the effectiveness of the Bank’s established processes and controls.

Develop

Enhance our employees’ cyber vigilance and competencies through the Cyber Smart Programme. This is a multi-year programme affiliated to the Group-wide Future Smart programme.

It assesses and improves employees’ knowledge, skills and demonstrated behaviours in managing risks related to cybersecurity, data protection and social engineering.

Our approach comprises a comprehensive risk management framework, supported by policies and standards. These incorporate key regulatory expectations and align with international industry guidance on key areas such as risk management practices, information security and cyber resilience. They are reviewed regularly and approved by the relevant risk committees, such as the Group Information Security and Digital Risk Management Committee and the Board Risk Management Committee.

Information Security and Digital Risk Policy

This Policy establishes the control expectations from organisational responsibilities to specific information security and digital risk (including technology and cyber risks) domains to manage risk arising from internal and external threats to the Group’s information assets and personnel.

These control expectations are stipulated with the intention of ensuring the confidentiality, integrity and availability of the Group’s information assets.

Acceptable Use Sub-Policy

This Policy defines the proper conduct and use of the Group’s information assets (encompassing technology equipment, information and software services), as well as communication services.

Information Classification and Handling Sub-Policy

This Policy establishes the control expectations for the ownership, classification and handling of information, to protect it from unauthorised access and disclosure.