Information Security Guide For MAS Technology Risk Management Report
Evvo Labs Pte Ltd
Your leading provider of digital transformation and corporate technology services in Singapore
The Monetary Authority of Singapore (MAS) is the central bank of Singapore. It was established by the Monetary Authority of Singapore Act, which gives it the authority to regulate the financial services sector in Singapore (Monetary Authority of Singapore Acts, 1999) and provides for the MAS to oversee and exercise control over all the financial operations performed by Singapore’s financial institutions (FIs) and their related entities. The MAS also exercises powers under specific legislation directed at particular types of financial institutions and financial services providers, including the Banking Act, the Securities and Futures Act, the Financial Advisers Act, and the Insurance Act.
The TRM Guidelines
The Technology Risk Management (TRM) Guidelines set out best practices that can be adopted by Singapore FIs. The guidelines are meant to protect customer financial data, transactional data, and systems, strengthen system security, and establish a robust technology risk management framework. MAS initially issued the TRM Guidelines in June 2013 and published the updated version on January 18, 2021. MAS updated the guidelines to align with the digital transformation process within financial institutions and FinTech organisations. The update aims to improve the cyber resilience of all FIs, in particular their capabilities to identify, protect against, detect, respond to, and recover from cyberattacks. The updated guidelines represent significant changes, including:
The FI's board of directors and senior management are advised to build a strong risk management framework that includes roles and responsibilities, information security rules, standards, and procedures. A plan for the people selection process is also included, with an emphasis on IT security awareness among the contractors, vendors, and employees of the FI.
The TRM Standards place a strong emphasis on risk management as a central principle. MAS advises FIs to evaluate their compliance with the criteria using a risk-based approach. This section outlines the requirements for safeguarding information system assets, risk identification, risk assessment, risk management, and risk monitoring and reporting.
It advises FIs on how to do background checks and due diligence on vendors and service providers. The guidelines place a strong emphasis on the operational risks that should be managed while outsourcing. It advises that FIs make sure service providers follow security procedures, rules, and controls that are at least as stringent as their own. To make sure their service providers uphold a high quality of diligence and care in protecting the confidentiality, integrity, and availability of their data and systems, the FIs must also perform routine reviews or assessments with them.
This clause outlines the security best practices that should be followed for system and application development. It emphasizes DevSecOps, Security by Design, and coding standards. The list includes specific guidelines for end-user development, security requirements and testing, source code review, and IT project management.
This section explains the various service management frameworks that FIs can choose from and put into use. The framework's goal is to guarantee that FIs have the necessary tools and resources to support IT services and operations. Some of the subjects covered are change management, program migration, problem management, capacity management, and incident management.
To view the full updated guidelines, download our Information Security Guide For MAS Technology Risk Management Report to learn more.