All business entities in Pakistan have been warned by the Securities and Exchange Commission of Pakistan (SECP) regarding the selection of cloud service providers. SECP has said that organizations must ensure that they do not choose a service provider that is providing the services through their data centres located in any of the hostile country, such as India and Israel, among others.
SECP has also issued Cloud Adoption Guidelines for Incorporated Companies/Business Entities, which will be applicable to all companies registered with SECP under the Companies Act 2017, Securities Act 2015, Insurance Ordinance 2000 and NBFC Regulations 2008 etc.
The commission has stated that the business entities review all service providers before deciding which one to choose. The organization should assess if the cyber security requirements are met by the Cloud model under consideration.
There requirements should assessed by comparing them with Pakistan Cloud First Policy 2021, National Cybersecurity Policy 2021, sector specific guidelines, authentication requirements and other specific cyber security measures and regulations.
The authority further said that there is a strong demand for cloud adoption by organizations “for cloud-based server capacity, information and database management, security, system and user access management, ERP, CRM and collaboration tools”.
“Throughout the adoption process, BEs need to focus on the areas of trust, security, legal, compliance and organizational issues”, it added.