MAS Issues Circular on Technology and Cyber Security Risks of Public Cloud Services

The Monetary Authority of Singapore issued a circular advising financial institutions of the technology and cyber security risks associated with public cloud services. The circular focuses on identifying and managing the risks associated with the adoption of public cloud services and serves as a reminder that financial institutions are ultimately responsible for managing these risks.

Read more

MAS Revises the Technology Risk Management Guidelines

The Monetary Authority of Singapore has revised the Technology Risk Management Guidelines applicable to financial institutions and their third party service providers. The revised Guidelines highlight MAS's increased expectations for cybersecurity controls and their importance in a financial institution's technology development and delivery lifecycle.

Read more

Overview of PDPC Guide on Managing Data Intermediaries

The Personal Data Protection Commission's Guide on Managing Data Intermediaries highlights key obligations of, and considerations for, data controllers in outsourcing data processing activities to data intermediaries.

Read more

Review of Recent PDPC Decisions - September 2020

Decisions published by the Personal Data Protection Commission in September 2020 highlight the importance of imposing contractual data protection obligations on vendors that will possess or access personal data. Organisations should also implement a password management policy, conduct properly-scoped pre-launch testing of IT features and cease retaining personal data that are no longer necessary.

Read more

Review of PDPC August Decisions

Decisions published by the Personal Data Protection Commission in August 2020 highlight the importance of having security measures - reasonable and appropriate to the type of personal data processed and nature of processing undertaken - in order to protect data in compliance with the Personal Data Protection Act 2012. Organisations using IT systems to collect and process personal data must conduct rigorous pre-launch testing and regular security reviews.

Read more


Go to Page: