Notice 127 Technology Risk Management
Requirements on technology risk management for insurers.
This notice applies to all licensed insurers, except captive insurers and marine mutual insurers.
It sets out requirements for the identification of critical systems, and for insurers to maintain high availability and recovery time objective for critical systems. Insurers are also required to notify MAS of relevant incidents according to the prescribed timeline and format.
Insurers must also implement IT controls to protect customer information from unauthorised access or disclosure.
There are no amendment notes for this notice.
Frequently asked questions about the Notice on Technology Risk Management.
Risk management principles and best practice standards to guide financial institutions in managing technology risk.
Template for financial institutions to report incidents to MAS, including incidents relating to IT systems, cyber security, information loss and liquidity.
Provides guidance to financial institutions on the notification and reporting of incidents to MAS.