MAS Technology Risk Management Update
With the increase in cyber-attacks such as the recent SolarWinds incident, and the very public issues with Wirecard, which left many firms in Singapore and beyond unable to process transactions, the strengthening of the Monetary Authority of Singapore (MAS) Technology Risk Management Guidelines (TRM) was inevitable.
The revised TRM sets out technology risk management principles and best practices for the financial sector and provides guidance for Financial Institutions to establish a sound and robust Technology Risk Governance and Oversight Framework. This requires firms to adopt a defence-in-depth approach to strengthen cyber resilience, and to continuously improve IT processes and controls to preserve the confidentiality, integrity and availability of data and IT systems. Protiviti supports regulated institutions in testing, policy gap assessments, and roadmap development to achieve compliance with prevailing standards.
Highlighted Key Updates
124 New Requirements, 2 New Sections, 26 New Sub-sections, 3 New Appendices
How can Protiviti Help Prepare Your Business to Meet Obligations of the Revised Requirements?
- Technology Strategy and IT Operations services to align IT and business strategy.
- Transformation programme execution and embedding of security-by-design to maximise investment and strategy realisation.
- Establish effective IT operating models and governance (reporting) to address the expanded roles of management in managing technology risks.
- Build and maintain an effective security monitoring and Security Operations Centre function.
- Evaluate control design (DevSecOps) within the organisation and third parties and provide recommendations on gaps.
- Technical security postures, i.e. data security and privacy, cloud security, and vulnerability / penetration testing.
- Improve Incident Response and Cyber Resiliency through tabletop exercises, emergency breach response, cyber threat hunting, and cyber resiliency.
- Agile software services for the design, development and implementation of innovative technology solutions.
- Invoking meaningful transformation based on client business requirements, to provide a comprehensive end-to-end technology solution.
- Ensure appropriate TRM focused controls are embedded throughout the system development life cycle.