Obsolescence of Information Assets

March 19, 2014

BSP MEMORANDUM NO. M-2014-012

TO: All BSP-Supervised Institutions
SUBJECT: Obsolescence of Information Assets

A. Risk Management Processes to Address Obsolete Information Assets

The product life cycle of an information asset generally ends when it is rendered obsolete, such as when the (1) skill required in maintaining the asset is no longer available, (2) supplier/vendor stops supporting the asset (end-of-life) or (3) format is no longer readable by more current technologies. Obsolescence heightens operational risk due to its implications for service delivery, information security and business continuity. For instance, end-of-life increases the vulnerability to malware and other attacks since the supplier/vendor no longer monitors and provides patches/security updates to the said asset.

In line with this, BSP-supervised institutions (BSIs) should follow existing Information Technology (IT) risk management processes provided by BSP Circular No. 808 dated 22 August 2013 (including the related appendices), to address the risks brought about by obsolescence. Given that obsolescence is (1) an identified threat or (2) an event that may result in vulnerabilities to the information assets or overall IT...
