Monthly Archives: December 2013

Data centres protection and controls

As FIs’ critical systems and data are concentrated and maintained in the DC, it is important that the DC is resilient and physically secured from internal and external threats. Threat and Vulnerability Risk Assessment The purpose of a Threat and … Continue reading

MAS Technology Risk Management Guidelines ,

Operational infrastructure security management

The IT landscape is vulnerable to various forms of cyber attacks8, and the frequency and malignancy of attacks are increasing. It is imperative that FIs implement security solutions at the data, application, database, operating systems and network layers to adequately … Continue reading

MAS Technology Risk Management Guidelines ,

Systems reliability, availability and recoverability

The reliability, availability, and recoverability of IT systems, networks and infrastructures are crucial in maintaining confidence and trust in the operational and functional capabilities of an FI. When critical systems fail, the disruptive impact on the FI’s operations or customers … Continue reading

MAS Technology Risk Management Guidelines , , ,

IT service management

A robust IT service management framework is essential for supporting IT systems, services and operations, managing changes, incidents and problems as well as ensuring the stability of the production IT environment. The framework should comprise the governance structure, processes and … Continue reading

MAS Technology Risk Management Guidelines ,

Acquisition and development of information systems

Many systems fail because of poor system design and implementation, as well as inadequate testing. The FI should identify system deficiencies and defects at the system design, development and testing phases. The FI should establish a steering committee, consisting of … Continue reading

MAS Technology Risk Management Guidelines ,

Management of IT outsourcing risks

IT outsourcing comes in many forms and permutations. Some of the most common types of IT outsourcing are in systems development and maintenance, support to DC operations, network administration, disaster recovery services, application hosting, and cloud computing. Outsourcing can involve … Continue reading

MAS Technology Risk Management Guidelines

MAS TRM – Technology risk management framework

A technology risk management framework should be established to manage technology risks in a systematic and consistent manner. The framework should encompass the following attributes: Roles and responsibilities in managing technology risks; Identification and prioritisation of information system assets; Identification … Continue reading

MAS Technology Risk Management Guidelines

(MAS-TRM) Oversight of technology risks by board of directors and senior management

IT is a core function of many FIs. When critical systems fail and customers cannot access their accounts, an FI’s business operations may immediately come to a standstill. The impact on customers would be instantaneous, with significant consequences to the … Continue reading

MAS Technology Risk Management Guidelines ,

MAS TRM (Technology Risk Management) Guidelines – Introduction

The Monetary Authority of Singapore (MAS) released its revised Technology Risk Management (TRM) Guidelines on 21 June 2013.  Significant revision has been applied to previous version of the guidelines called Internet Banking and Technology Risk Management (IBTRM) released on 2 … Continue reading

MAS Technology Risk Management Guidelines ,

About MAS (Monetary Authority of Singapore)

As Singapore’s central bank, the Monetary Authority of Singapore (MAS) promotes sustained, non-inflationary economic growth through appropriate monetary policy formulation and close macroeconomic surveillance of emerging trends and potential vulnerabilities. It manages Singapore’s exchange rate, foreign reserves and liquidity in … Continue reading

MAS Technology Risk Management Guidelines ,