Skip to main content

I. Chief Information Security Officer and Management

1. VASPs must appoint a Chief Information Security Officer [CISO] who is responsible for ensuring that the VASP complies with Part I and Part III of this Technology and Information Rulebook. The CISO must be a separate individual from the CO however the CISO may also take on the responsibilities of the Data Protection Officer under Rule II.B.2 of this Technology and Information Rulebook.
2. The CISO must be of sufficiently good standing and appropriately experienced.
3. Senior Management must regularly assess and review the effectiveness of the VASP’s systems, controls, policies and procedures in relation to the VASP’s compliance with this Technology and Information Rulebook and all applicable laws and regulatory requirements, as well as allocate duties and apportion roles and responsibilities within the VASP to prevent conflicts of interests.