BNP Paribas Group is a leading European bank
with a strong global footprint across 72 markets and more than 202,000
employees. The Group provides corporates, institutional
and private investors with product and service solutions tailored to their
specific needs. It offers a wide range of financial services covering corporate
& institutional banking, wealth management, asset management, insurance, as
well as retail banking and consumer financing through strategic partnerships”.
About BNP Paribas India Solutions:
Established in 2005,
BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas Group,
a leading bank in Europe with an international reach. With delivery centers
located in Mumbai and Chennai, we are a 24x7 global delivery center. We partner
various business lines of BNP Paribas such as Corporate and Institutional
Banking, Wealth Management, Retail Banking through three verticals -
Information Technology, Operations and Finance Shared Services.
About Business line/Function : BP2S IT Risk and
Security risk management policy
(SRM-L2-00), and aligned with the Group 2OPC approach related to risks
cartography (CG0121EN and COP0028EN).
Cross references to Risk
analysis methodology user guide (SRM-L4-01) are also provided to aid
comprehension of the risk analysis methodology proposed by GGS (which is based
on EBIOS methodology).
Risk level is the combination of
the severity of impacts (or consequences), that can be assessed through
the Impact Severity Matrix sheet, and of the likelihood for a feared
event, that can be assessed though the likelihood Matrix sheet.
For Impact study please consider
the below support information:
Impact severity level is used to
assess risk level (in combination with likelihood of threat scenarios) and
relies on the potential consequences of a feared event on an essential asset
(to be assessed by the business).
For a feared event, the severity level can be different depending on each type
of impact. Hence, the final severity level for each feared event should
correspond to the highest severity level assessed amongst all impact types;
Criticality of assets is bound to security needs, to be evaluated for
Confidentiality, Integrity, Availability, and Traceability (combines
Non-repudiation and Authenticity);
Sensitivity is used to describe the criticality of data and information. Sensitive
data hence means that this data or information is a critical asset, in
particular in terms of Confidentiality (but it may also concern other security
Although impacts with high
severity levels are more likely when essential assets are concerned,
criticality level is not directly used to calculate risk level (severity level
is used instead).
Manage BP2S Global IT Continuity activities from Chennai as extended team of
Paris CYBER Security team.
To consolidate and
maintain the list of the critical IT assets of the entity;
To ensure the quality
of the IT Continuity data in referential;
To monitor the plans of
follow-up and chase for open topics until closure is achieved;
To collect IT Continuity documentation and evidences
from projects, studies and IT production from all locations;
To interface with permanent control agents and teams
to provide required evidences.
IT Continuity Assistant
The Information Continuity Specialist’s
mission is to participate in the overall management of IT Continuity risks and
He/She fosters the community of BNP Paribas
Securities Services IT Continuity in close connection with Group business
continuity, the Group Security and permanent control.
He/She plays a part of coordination and
assistance on the IT area in order to ensure the good professionalization and
the organization based on the requirements, methodologies and tools used.
has the role of monitoring and controlling the IT Continuity within the entity,
to collaborate and communicate with the IT Continuity Teams in other locations.