The business landscape as we know it is going through an extreme makeover as a result of rapid advances in technology. This digital transformation has resulted in stronger opportunities to transform and change existing business models, consumption patterns, socio-economic structures, legal and policy measures, organizational patterns and cross-country barriers.
Information Technology operations have become more dynamic and include distributed environments, integrated applications, telecommunication options, internet connectivity, and an array of computer operating platforms.
As the complexity of technology grows, information systems and networks are faced with control weaknesses.
The main objective of the IT, Cyber and Operational Risk (ICOR) Department is to promote and ensure sound information technology practices to safeguard the interest of the supervised institutions’ key stakeholders, reputation, brand and value creating activities. As supervised institutions play a crucial role in our economy, it is important, that the effects of disruptions, cyber threats, privacy violations and other information technology threats regarding services to the public are mitigated. This will contribute to maintain public trust and confidence in our financial sector.
In order to promote and ensure sound practices, the department:
- performs on site IT Examinations;
- performs off-site IT Examinations by creating, sending, collecting and analyzing IT questionnaires using an automated system ‘SIIQ’;
- carries out management meetings based on off-site observed control weaknesses;
- issues and maintains provisions and guidelines for:
- Cyber Security Management;
- Information Security Management;
- Governance of enterprise IT;
- Business Continuity Management;
- IT Service Management, including outsourcing and cloud computing;
- Development and Acquisition of applications.
Next to these official tasks, ICOR is also actively involved in the ISACA Curaçao Chapter. The aim is to:
- Educate on emerging challenges in Information Technology;
- Promote the field of IT governance, security, audit and assurance;
- Promote the use of globally accepted, industry-leading knowledge and practices.