Risk management principles and best practice standards to guide financial institutions in managing technology risk.
Notice 127 Technology Risk Management
Requirements on technology risk management for insurers.
This notice applies to all licensed insurers, except captive insurers and marine mutual insurers.
It sets out requirements for the identification of critical systems, and for insurers to maintain high availability and recovery time objective for critical systems. Insurers are also required to notify MAS of relevant incidents according to the prescribed timeline and format.
Insurers must also implement IT controls to protect customer information from unauthorised access or disclosure.
There are no amendment notes for this notice.