Tuesday, April 1, 2014

Technology Risk Management Notices and Guidelines

In June 2013, the Monetary Authority of Singapore ('MAS') issued Notices and Guidelines on Technology Risk Management ('TRM'). Financial Institutions ('FIs') must review their technology systems and processes and evaluate how to effectively implement adequate technology risk measures in order to protect their IT.

The TRM Guidelines are statements of industry best practices which MAS expects FIs to adopt, taking into account the diverse activities they engage in and the markets in which they conduct transactions. In contrast, all FIs must fully comply with the TRM Notice by 1 July 2014; in particular, they must
  • put in place a framework and process to identify Critical Systems;
  • ensure that the maximum unscheduled downtime for each Critical System does not exceed a total of 4 hours within any period of 12 months, that every Critical System is restored within 4 hours, and that recovery procedures are tested every 12 months;
  • notify MAS not later than 1 hour upon the discovery of a Relevant Incident, and submit a root cause and impact analysis report to MAS within 14 days;
  • implement IT controls to protect customer information from unauthorised access or disclosure.
