PBCOM's Information Security Framework is supported by relevant documentation, namely: Operating Principles, Enterprise IS Policy and Programs, which are periodically reviewed and updated to conform to the minimum provisions prescribed by the regulatory authorities, statutes and generally accepted security standards. With the advent of more sophisticated cybersecurity incidents in the country, there is a compelling need to continuously enhance the safeguarding of the Bank’s information assets. Information Security play a key role in ensuring protection of information and IT systems, hence, preserving its confidentiality, integrity and availability, particularly during system migration, launching of new products and services, and other initiatives involving third-party services.
The enhanced Information Security Awareness Program sustains employee security awareness and level of maturity by way of regular dissemination of critical information to all employees of the Bank done through PBCOM On-Boarding for New Employees (P-ONE), the Continuing Education Program via Computer-Based Training (CBT) and e-mail publications called InFoSec Bytes and IS Alerts. These channels provide timely transmission of information security related issues needing urgent attention of all employees such as but not limited to, distribution of information security documentation updates, cybersecurity incidents, ATM attacks like card skimming, jackpotting and deep insert, social engineering attacks perpetrated through phishing, vishing or smishing, and other security related fraudulent activities.
The Bank’s Chief Information Security Officer (CISO) spearheads adherence to regulatory requirements and ensures early resolution of noted security issues cited by both internal and external reviewers.
Information Security Tips