Complying with Technology Risk Management (TRM) Guidelines of the Monetary Authority of Singapore (MAS)

nCipher helps organizations comply with key components of the Monetary Authority of Singapore's Technology Risk Management Guidelines

APAC Map

Guidance

Active now

Monetary Authority of Singapore Guidance

To safeguard sensitive customer data and comply with the Monetary Authority of Singapore’s Technology Risk Management guidelines, organizations need to apply consistent, robust and granular controls.

nCipher helps customers address the guidelines throughout their organization, in part through:

Hardware Security Modules (HSMs) that provide a hardened, tamper-resistant environment for secure cryptographic processing, key protection, and key management.

Regulation Overview

The Monetary Authority of Singapore (MAS) published Technology Risk Management (TRM) Guidelines to help financial firms establish sound technology risk management, strengthen system security, and safeguard sensitive data and transactions.

The TRM contains statements of industry best practices that financial institutions conducting business in Singapore are expected to adopt. The MAS makes clear that, while the TRM requirements are not legally binding, they will be a benchmark the MAS uses in assessing the risk of financial institutions.

Guideline Descriptions
  • 8.4.4 The FI should encrypt backup tapes and disks, including USB disks, containing sensitive or confidential information before they are transported offsite for storage.
  • 9.1.6 Confidential information stored on IT systems, servers and databases should be encrypted and protected through strong access controls, bearing in mind the principle of “least privilege”.
  • 11.0.1.c Access control principle – The FI should only grant access rights and system privileges based on job responsibility and the necessity to have them to fulfill one's duties. The FI should check that no person by virtue of rank or position should have any intrinsic right to access confidential data, applications, system resources or facilities.
  • 11.1.1 The FI should only grant user access to IT systems and networks on a need-to-use basis and within the period when the access is required. The FI should ensure that the resource owner duly authorises and approves all requests to access IT resources.
  • 11.2 Privileged Access Management.
  • 11.2.3.d. Grant privileged access on a “need-to-have” basis.
  • 11.2.3.e. Maintain audit logging of system activities performed by privileged users.
  • 11.2.3.f. Disallow privileged users from accessing systems logs in which their activities are being captured.
  • 13 payment card security (automated teller machines, credit and debit cards).
nCipher HSMs

Hardware Security Modules (HSMs) from nCipher provide a hardened, tamper-resistant environment for secure cryptographic processing, key protection, and key management. With these devices organizations can deploy high assurance security solutions that satisfy widely established and emerging standards of due care for cryptographic systems and practices—while also maintaining high operational efficiency.

Other key data protection and security regulations

Philippines Data Privacy Act

GDPR Thumbnail

Regulation

Active now

The Philippines Data Privacy Act adopts international principles and standards for personal data protection and apply to the processing of personal data across both government and private sector.

Learn More

South Korea’s PIPA

GDPR Thumbnail

Regulation

Active now

One of the strictest data protection regimes in the world, it is supported by two pieces of sector specific legislation related to IT and communications networks and the use of credit information.

Learn More

Australia Privacy Act

eIDAS

Regulation

February 2018

Australia's Privacy Act establishes a mandatory requirement to notify the Privacy Commissioner and affected individuals of data breaches. It will take effect on February 22, 2018.

Learn More
Contact a Compliance Specialist Contact Us
Read the Compliance and Regulations Solutions Handbook Read the eBook
Want to be part of our team? Explore
Get in contact with a specialist Contact Us