I attended the Compliance Institute’s annual conference yesterday. (The Compliance Institute is a membership organisation for those who work in compliance roles within regulated financial services firms.)
I was surprised that DORA (Digital Operational Resilience Act) was not on the agenda. In its place was the Individual Accountability Framework (IAF).
IAF is a regulation that comes into effect in Ireland at the end of this year, and focuses on the accountability of senior individuals to run their parts of the business effectively. If they don’t, they will be held accountable for their (in)action by the Central Bank – i.e. a career-ending move.
What has this got to do with cyber security?
If you work in a regulated financial services firm…
- Is it clear who is ultimately accountable for cyber security in your firm?
- And does that person know what ‘appropriate security controls’ look like?
Because whether they do know or they don’t know:
They will be held accountable for them…
in about 6 weeks!
PS If they don’t know where to start, start by calling me.