Third Line of Defense
The Internal Audit Division (IAD) is responsible for ensuring that the first and second lines of defense are functioning as expected.
Cybersecurity Risk Management
Cybersecurity Risk Management Implementers
In implementing cybersecurity risk management, BCA involves the roles of work units up to the Board of Governance (Board of Commissioners & Directors)
Second Line of Defense
The Cyber Security Risk Management (CSM) Subdivision is responsible for developing and monitoring the implementation of overall cybersecurity risk management as part of the governance process.
First Line of Defense
The Information Technology Security Group (ISG) is a unit/function that has independence in handling the implementation of cyber security and resilience processes, as well as IT management.