The Information and Cybersecurity Department at PFRDA plays a crucial role in safeguarding the organization's information assets. This department is responsible for protecting these assets from unauthorized access, use, disclosure, disruption, modification, or destruction. By managing all aspects of information and cybersecurity within PFRDA-regulated system, the department ensures the integrity, confidentiality, and availability of critical information.
Key Functions of the Department
1. Developing and Implementing Cybersecurity Policies and Procedures: The department develops and implements a comprehensive cybersecurity program that outlines PFRDA's security goals and objectives. This includes creating specific cybersecurity policies, procedures, standards, and guidelines for both internal implementation and Regulated Entities.
2. Developing and Implementing Security Architecture: The department is responsible for designing and maintaining a robust security architecture for the organization.
3. Conducting Security Assessments and Audits: Regular security assessments and audits are conducted to identify and address gaps in the cybersecurity policy and its implementation. The cybersecurity department collaborates with other departments to provide cybersecurity inputs and assist in supervising regulated entities (REs) or intermediaries.
4. Responding to Cybersecurity Incidents: The department coordinates responses to security incidents, analyzes them to prevent recurrence, and reports incidents to relevant organizations.
5. Creating Cybersecurity Awareness: Raising awareness about cybersecurity best practices among stakeholders is a key function. The department issues advisories and alerts to its stakeholders to keep them informed about the latest cybersecurity threats and best practices.
6. Interaction with other Regulatory Bodies and external Cybersecurity Institutes: The department interacts with other regulatory bodies and external agencies such as CERT-In, NCIIPC, DSCI, etc. to maintain and enhance the organization's information security.
