Article (26)
Effective from Feb 01 2025 - Nov 04 2011
To view other versions open the versions tab on the right
Companies shall establish data and information security protection controls for the information they have or obtain, and they shall:
| 1. | record, maintain, reconcile, collect, process and classify credit information in a proper and suitable manner to facilitate reference to such information; | |||
| 2. | protect information from loss, which includes the adoption of backup systems and the development of contingency recovery plans as well as business continuity plans; | |||
| 3. | protect credit information from unauthorized access, usage, modification, or disclosure in violation of the Law and its Implementing Regulations; | |||
| 4. | establish controls and procedures to be applied upon members' request to check credit records; | |||
| 5. | review the company’s staff confidentiality controls regularly; | |||
| 6. | review usage patterns of information systems regularly to detect and investigate any unusual usage patterns; | |||
| 7. | maintain records for all access, modification and audit cases of credit information database, including previous enquiry records as well as all incident records that imply confirmed or suspected violations; and | |||
| 8. | provide sufficient knowledge to the authorized member representatives concerning the international best security practices relating to the working rules. | |||