Notice 127 Technology Risk Management
Requirements on technology risk management for insurers.
This notice applies to all licensed insurers, except captive insurers and marine mutual insurers.
It sets out requirements for the identification of critical systems, and for insurers to maintain high availability and recovery time objective for critical systems. Insurers are also required to notify MAS of relevant incidents according to the prescribed timeline and format.
Insurers must also implement IT controls to protect customer information from unauthorised access or disclosure.
See also:
Amendment Notes
There are no amendment notes for this notice.
Related to this Notice
-
FAQsLast Revised Date: 05 May 2023
FAQs - Notice on Technology Risk Management
Frequently asked questions about the Notice on Technology Risk Management.
-
GuidelinesPublished Date: 18 January 2021
Guidelines on Risk Management Practices – Technology Risk
Risk management principles and best practice standards to guide financial institutions in managing technology risk.
-
Forms and TemplatesPublished Date: 21 June 2013
Incident Reporting Template
Template for financial institutions to report incidents to MAS, including incidents relating to IT systems, cyber security, information loss and liquidity.
-
Forms and TemplatesPublished Date: 21 June 2013
Instructions on Incident Notification and Reporting to MAS
Provides guidance to financial institutions on the notification and reporting of incidents to MAS.