SAQA All qualifications and part qualifications registered on the National Qualifications Framework are public property. Thus the only payment that can be made for them is for service and reproduction. It is illegal to sell this material for profit. If the material is reproduced or quoted, the South African Qualifications Authority (SAQA) should be acknowledged as the source.
SOUTH AFRICAN QUALIFICATIONS AUTHORITY 
REGISTERED UNIT STANDARD THAT HAS PASSED THE END DATE: 

Monitor and manage information technology risks in a banking environment 
SAQA US ID UNIT STANDARD TITLE
7338  Monitor and manage information technology risks in a banking environment 
ORIGINATOR
SGB Banking and Micro Finance 
PRIMARY OR DELEGATED QUALITY ASSURANCE FUNCTIONARY
BANKSETA - Banking Sector Education and Training Authority 
FIELD SUBFIELD
Field 03 - Business, Commerce and Management Studies Finance, Economics and Accounting 
ABET BAND UNIT STANDARD TYPE PRE-2009 NQF LEVEL NQF LEVEL CREDITS
Undefined  Regular  Level 5  Level TBA: Pre-2009 was L5  35 
REGISTRATION STATUS REGISTRATION START DATE REGISTRATION END DATE SAQA DECISION NUMBER
Passed the End Date -
Status was "Reregistered" 
2018-07-01  2023-06-30  SAQA 06120/18 
LAST DATE FOR ENROLMENT LAST DATE FOR ACHIEVEMENT
2024-06-30   2027-06-30  

In all of the tables in this document, both the pre-2009 NQF Level and the NQF Level is shown. In the text (purpose statements, qualification rules, etc), any references to NQF Levels are to the pre-2009 levels unless specifically stated otherwise.  

This unit standard does not replace any other unit standard and is not replaced by any other unit standard. 

PURPOSE OF THE UNIT STANDARD 
This unit standard is intended for people who will be required to monitor and manage Information Technology risks within the specified business units/divisions. Persons credited with this unit standard will be able to identify potential information technology risks and establish the impact thereof on the business, analyse, monitor and take appropriate action to control these risks. 

LEARNING ASSUMED TO BE IN PLACE AND RECOGNITION OF PRIOR LEARNING 
Persons attempting this unit standard must have in depth knowledge of information security concepts and practices, have a good technical understanding of the platform and/or network being monitored/managed. 

UNIT STANDARD RANGE 
Areas of information technology risk include but is not limited to:
Confidentiality of information
Integrating of information
Availability of information
Information processing platforms and networks.
Confidentiality of information 

UNIT STANDARD OUTCOME HEADER 
Identify potential information technology risks to 

Specific Outcomes and Assessment Criteria: 

SPECIFIC OUTCOME 1 
Identify potential information technology risks to establish the impact on the business. 
OUTCOME RANGE 
Risks in technology include but are not limited to:

Confidentiality, Integrity, Denial of service/availability, Unauthorised disclosure/modification of information, Destruction of information. 

ASSESSMENT CRITERIA
 

ASSESSMENT CRITERION 1 
1. Scenarios around information technology risks are identified to establish the impact on the business, as per company specific requirements. 

ASSESSMENT CRITERION 2 
2. Control measures and techniques are implemented and tested against all possible risks identified as per company specific requirements. 

ASSESSMENT CRITERION 3 
3. Service level agreements are drawn up with all information technology users to enable business continuity as per company specific requirements. 

ASSESSMENT CRITERION 4 
4. Controls are reviewed and updated on a timely basis as per company specific requirements. 

ASSESSMENT CRITERION 5 
5. Information security policy, standards and good practice procedures are identified, developed and documented as per company specific requirements. 

SPECIFIC OUTCOME 2 
Analyse identified information technology risks. 

ASSESSMENT CRITERIA
 

ASSESSMENT CRITERION 1 
1. The potential impact of the risk is quantified as per company specific requirements. 

ASSESSMENT CRITERION 2 
2. Causes of the risk are identified as per company specific requirements. 

ASSESSMENT CRITERION 3 
3. Procedures to minimise the impact of the risk on the business are identified, developed and implemented as per company specific requirements. 

ASSESSMENT CRITERION 4 
4. Compliance to procedures implemented is performed as per company specific guidelines. 

SPECIFIC OUTCOME 3 
Monitor and control information technology risks. 

ASSESSMENT CRITERIA
 

ASSESSMENT CRITERION 1 
1. Functionalities of information technology are monitored on a regular basis as per company specific requirements. 
ASSESSMENT CRITERION RANGE 
Functionalities include but are not limited to capacity, connectivity.
 

ASSESSMENT CRITERION 2 
2. Control deficiencies are identified and analysed as per processes followed to minimise re-occurrences of the risk. 

ASSESSMENT CRITERION 3 
3. Access to and utilisation of information assets are monitored to establish the risk to the business as per company specific requirements. 

ASSESSMENT CRITERION 4 
4. The back up of essential data is monitored regularly as per company specific guidelines. 

ASSESSMENT CRITERION 5 
5. Reports are written and submitted on a regularly basis to the relevant authorities as per company specific requirements. 

ASSESSMENT CRITERION 6 
6. Follow up checks on reports are carried out and deviations are action planned as per company specific requirements. 

ASSESSMENT CRITERION 7 
7. The processing platforms and network is managed as per company specific requirements. 
ASSESSMENT CRITERION RANGE 
Processing platforms and network utilisation includes but is not limited to costs, capacity.
 

ASSESSMENT CRITERION 8 
8. Statistics are maintained so that losses/violations can be measured as per company specific requirements. 


UNIT STANDARD ACCREDITATION AND MODERATION OPTIONS 
Anyone assessing a learner against this unit standard must be registered as an assessor with the relevant ETQA. Any institution offering learning that will enable achievement of this unit standard or assessing this unit standard must be accredited as a provider with the relevant ETQA.


Moderation Option:

Moderation of assessment will be overseen by the relevant ETQA according to the moderation guidelines in the relevant qualification and the agreed ETQA procedures. Therefore anyone wishing to be assessed against this unit standard may apply to be assessed by any assessment agency, assessor or provider institution which is accredited by the relevant ETQA. 

UNIT STANDARD ESSENTIAL EMBEDDED KNOWLEDGE 
  • Have knowledge of product suites
  • Have knowledge of Networks
  • Have knowledge of security principles relating to Technology Risk 


  • Critical Cross-field Outcomes (CCFO): 

    UNIT STANDARD CCFO IDENTIFYING 
    The learner is able to identify and solve problems when monitoring technology risks, ensuring all possible control deficiencies are identified and analysed to minimise re-occurrence of the risk. 

    UNIT STANDARD CCFO WORKING 
    The learner is able to work effectively with others when drawing up Service Level agreements with information technology users, ensuring business continuity in the case of unforeseen technology breakdown. 

    UNIT STANDARD CCFO COLLECTING 
    The learner is able to collect, organise and critically evaluate information when analysing identified technology risks, ensuring procedures to minimise the impact of the risks are based on complete and accurate information. 

    UNIT STANDARD CCFO COMMUNICATING 
    The learner is able to communicate effectively both verbally and in writing when reporting on the control of technology risks, ensuring all relevant parties are aware of and fully understand their roles with regard to issues such as the back up of essential data. 

    UNIT STANDARD CCFO DEMONSTRATING 
    The learner is able to understand the relationship between technology risk scenario's, control measures, Service Level Agreements and the effect of these factors on overall information technology risk management. 

    REREGISTRATION HISTORY 
    As per the SAQA Board decision/s at that time, this unit standard was Reregistered in 2012; 2015. 

    UNIT STANDARD NOTES 
    Legal Requirements:

    Adhere to regulatory requirements in terms of Telecom


    Terminology:

    Connectivity relates to transfer of information between platforms, identical and non-identical power, etc. 

    QUALIFICATIONS UTILISING THIS UNIT STANDARD: 
      ID QUALIFICATION TITLE PRE-2009 NQF LEVEL NQF LEVEL STATUS END DATE PRIMARY OR DELEGATED QA FUNCTIONARY
    Elective  61589   National Certificate: Banking  Level 5  Level TBA: Pre-2009 was L5  Passed the End Date -
    Status was "Reregistered" 
    2023-06-30  As per Learning Programmes recorded against this Qual 


    PROVIDERS CURRENTLY ACCREDITED TO OFFER THIS UNIT STANDARD: 
    This information shows the current accreditations (i.e. those not past their accreditation end dates), and is the most complete record available to SAQA as of today. Some Primary or Delegated Quality Assurance Functionaries have a lag in their recording systems for provider accreditation, in turn leading to a lag in notifying SAQA of all the providers that they have accredited to offer qualifications and unit standards, as well as any extensions to accreditation end dates. The relevant Primary or Delegated Quality Assurance Functionary should be notified if a record appears to be missing from here.
     
    1. AFRICAN BANK LTD 
    2. Chartall Business College 
    3. Damelin (Pty) Ltd 
    4. Felix Risk Training Consultants 
    5. Plumb Line Risk Alignment 
    6. Riverwalk Trading 151 CC trading as Culhane Consulting 
    7. Standard Bank Personal and Business Banking 
    8. The Academy of Financial Markets 
    9. The Institute of Literacy Advancement 
    10. THE SHERQ CENTRE OF EXCELLENCE PTY LTD 



    All qualifications and part qualifications registered on the National Qualifications Framework are public property. Thus the only payment that can be made for them is for service and reproduction. It is illegal to sell this material for profit. If the material is reproduced or quoted, the South African Qualifications Authority (SAQA) should be acknowledged as the source.