Looking for a quality assurance, IT risk, or testing partner? Then you need access our expertly researched resource tracking the most important 500 service providers, from the largest to the most specialist.Sign up now
MAS updates outsourcing requirements
The Monetary Authority of Singapore (MAS) has added a section on cloud computing to its newly updated guidelines for financial firms on outsourcing technology services and has scrapped its requirement that financial firms notify the MAS of new material outsourcing arrangements they enter into. The regulator had announced its intention to revise its 2004 outsourcing guidelines at the beginning of July.
The report defines cloud computing as: “A combination of a business and delivery model that enables on-demand access to a shared pool of resources such as applications, servers, storage and network security.” It lists software-as-a-service, platform-as-a-service and infrastructure-as-a-service as examples of cloud computing. The MAS goes on to distinguish between private and public cloud, noting the growing popularity of hybrid combinations to: “Provide for distinct operational and security trade-offs.”
The MAS noted that while risks associated with cloud computing are not in principle distinct from those of other forms of outsourcing arrangements, the services provider must have safeguards in place to protect customer data. “Institutions should ensure that the service provider possesses the ability to clearly identify and segregate customer data using strong physical or logical controls,” the MAS said, adding that there should also be controls in place to protect access data once cloud service contracts have been terminated.
The MAS has scrapped the obligation that it be notified every time a financial firm undertakes new material outsourcing arrangements. However, the report does state that firms should be able to demonstrate adherence to the guidelines should the regulator require it.
Financial firms will still be expected to submit an outsourcing register annually or upon request.