Cyber & Information Security Directive


This document provides a framework for establishing Cyber and Information Security protocols and procedures for routine and emergency scenarios, delegation of responsibilities, inter-and intra-company communication and cooperation, coordination with government authorities, establishment of reporting mechanisms, physical security measures for IT Data centres and Control Rooms, and assurance of data and network security.

General contents cover the following major sections:

  • Preliminary Matters
  • Governance
  • Cyber Security Risk Management (including frameworks, risk assessments, risk mitigation, monitoring and reporting)
  • Asset Management
  • Cyber Defence
  • Cyber Response
  • Employee Access to ICT Systems
  • Electronic Banking Services
  • Training, Awareness and Competence
  • External Connections
  • Cloud Services
  • Banks with International Affiliation
  • Physical Security
  • Human Resource Management
  • Contractual Aspects
  • Interpretation
  • Implementation Schedule

Objectives of the Directive

  • Create a secure environment within cyberspace for the financial services industry and generate adequate trust and confidence in ICT systems as well as transactions in the cyberspace;
  • Create an assuranceframework for design of security policies and for promotion of compliance to global security standards and best practices by way of cyber and information security assessment;
  • Strengthen the Regulatory framework for ensuring a secure environment within cyberspace;
  • Enhance the protection and resilience of the financial systems' operation and provide security practices related to the design, acquisition, development, and use ofoperation information resources
  • Improve the integrity of ICT products and services by establishing infrastructure for testing and validation of security of these products and services;
  • Promote continuous cyberand informationsecurity risk assessment;
  • Promote awareness creation and ensure human resource security.



Document Details

Document Type: 
Document Topic: 
Doument Author (Entity): 
Authoring Country: 
Originating Country or Trade Block: 
Issue Status: 
Year of Document: 
Date of Document: 
Monday, October 1, 2018
Document Authors: 
Bank of Ghana
Language (This Document): 

Legal Disclaimer: The content appearing on this site is for general information purposes only and made available on an "AS-IS" basis. The law is subject to change and no representation or warranty is made with regard to accuracy or fitness for a particular purpose.