MAS Technology Risk Management Guidelines

MAS Technology Risk Management Guidelines — 100% covered.

4 requirements · 4 enforced · 0 designed · 0 advisory · 0 deferred.

Source: Monetary Authority of Singapore, Technology Risk Management Guidelines (January 2021) — access control, audit logging, IT incident management, and third-party risk for financial institutions.

By category

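| Category | Reqs | Enforced | Designed | Advisory | Deferred | Coverage |
| --- | --- | --- | --- | --- | --- | --- |
| Access control | 1 | 1 | 0 | 0 | 0 | 100% |
| Audit logging & retention | 1 | 1 | 0 | 0 | 0 | 100% |
| IT incident management | 1 | 1 | 0 | 0 | 0 | 100% |
| Third-party risk management | 1 | 1 | 0 | 0 | 0 | 100% |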

Every requirement → the KYE artefact that enforces it

| ID | Title | Status | KYE enforcement |
| --- | --- | --- | --- |
| mas-trm.access-control | MAS TRM Guidelines — strong access controls, including least-privilege and just-in-time privileged access for systems handling financial data | enforced | audit_events: kye.purpose.admissibility.v1, kye.risk.authority_register.v1; engines: internal, internal; constitution_refs: constitution/12-PURPOSE-PERMISSION.md |
| mas-trm.audit-logging | MAS TRM Guidelines — comprehensive, tamper-resistant audit logging of system and security events with adequate retention | enforced | audit_events: kye.evidence.pack.v1, kye.replay.context_seal.v1; engines: internal, internal; constitution_refs: constitution/30-AUDIT-WORM-RETENTION.md, constitution/35-STREAMING-LOGS.md |
| mas-trm.incident-management | MAS TRM Guidelines — IT incident management, including timely detection, escalation and notification to MAS of relevant incidents | enforced | audit_events: kye.signal.incident.opened.v1, kye.compliance.attestation.v1; engines: internal, internal; constitution_refs: constitution/13-RESILIENCE-LOOP.md |
| mas-trm.third-party-risk | MAS TRM Guidelines — manage technology risk arising from third-party service providers across the lifecycle of the arrangement | enforced | audit_events: kye.risk.authority_register.v1, kye.assurance.risk_assessment.v1; engines: internal, internal; constitution_refs: constitution/51-NO-SPOF.md |