EFAMA: IIFA cybersecurity program basics
28 October 2019
As part of a global initiative led by the International Investment Funds Association (IIFA) and supported by investment fund associations from around the world, EFAMA presents the 'IIFA Cybersecurity Program Basics', a document that lays out the key cyber-prevention standards for investment management companies.
The initiative marks an important step for the global asset management industry to define commonly-shared principles that firms should apply in order to minimize the likelihood of cyber incidents. The principles are:
-
Establish an overarching cyber-security framework
-
Conduct cyber-risk awareness trainings with company staff
-
Have an incident response plan
-
Conduct tabletop exercises to “test" such response plan
-
Establish and monitor normal network activity
-
Participate in trusted information sharing networks.
These six principles are recommended to any firm looking to adopt cyber-hygiene standards, or improve their existing ones.
The document includes useful links to publicly available resources that firms can refer to when setting up the above measures.
This initiative is complementary to a number of other cyber-security initiatives undertaken by EFAMA under the aegis of the International Organization of Securities Commissions (IOSCO).
Full statement on EFAMA
Full document on EFAMA
© EFAMA - European Fund and Asset Management Association
