Notice

NePS Information Security Management System (ISMS)

NePS Information Security Management System (ISMS)

Nepal Electronic Payment Systems Limited (NePS) is a Payment System Operator (PSO) licensed by Nepal Rastra Bank and promoted by banks and financial institutions in Nepal. NePS formulated as consortium of national level commercial banks and intended for more reliable and secure environment with rapidly evolving new technologies. NePS provide uniform issuance and acquiring model for different payment channels for its member banks.

The establishment and implementation of an organization's information security management system is influenced by the organization's needs, objectives, security requirements, organizational processes, and structure of the organization.

1. NePS shall maintain the CIA of the information assets within the IT and IS policy scope defined in Cryptography/Data Encryption and Teleworking/Remote Access Policy.

2. NePS shall comply with, and the entire IT and IS policy shall be in line with legal, NRB regulatory, and contractual requirements relevant to NePS.

3. NePS shall design and integrate in the Human Resources (HR) processes to ensure that appropriate security measures are taken during the employee lifecycle.

4. NePS management shall continuously demonstrate its leadership and commitment towards information security by continual improvement of IS steering committee and incident response team functions and their periodic management reviews.

5. NePS shall ensure integration of IT and IS policy into core IT system and secure operation of its information systems.

6. Strict confidentially will be observed for the protection and safeguarding of confidential organizational information, information about users/consultants, third parties, vendor/suppliers, and periodic backups.

7. NePS shall establish documented IT and IS policy and follow related procedures/processes appropriately and make available to its employees and ensure its understanding through proper training.

8. NePS shall record and analyze actual or suspected information security incident.

9. NePS shall maintain application systems and business processes that are critical to the NePS and plan for continuity of operations in the event of business disruptions.

10. NePS shall maintain compliance certification as per NRB directive.

11. NePS shall promote continual improvement on IT and IS policy based on feedbacks, incidents, and audit findings through ISO 27001:2013 certification.

12. NePS shall regularly update/review the IT and IS policy as required to maintain information security of the organization to optimum level.