The NBG developed guidelines for the use of cloud outsourcing services to apply to commercial banks and micro-banks. The guidelines were developed based on the supervisory strategy of the National Bank of Georgia, as well as to respond to the growing trend of financial institutions using cloud outsourcing services.

In an environment of digital transformation and growing cyber risks, it is important for financial institutions to implement appropriate processes and mechanisms that ensure operational resilience, including cyber security.

This guideline serves as a preventive mechanism that requests financial institutions to base their decisions on cloud outsourcing services on a strategic need, to properly assess security risks related to the cloud outsourcing environment, to be certain there are reasonable assurances about cyber and information security practices of the service providers. it is also important for the financial institutions to develop an exit strategy from cloud outsourcing services in advance.

The requirements set out in the cloud outsourcing service guidelines are based on instructions and recommendations of reputable international organizations.

 

The draft guidelines are published on the NBG website for consultation and stakeholder feedback. Suggestions, comments and questions can be sent to CyberSecSupervision@nbg.gov.ge before June 29 of the current year.