MAS TRM

MAS TRM (Monetary Authority of Singapore Technology Risk Management) is a comprehensive set of guidelines from the Monetary Authority of Singapore aimed at helping Financial Institutions improve their cyber resilience and establish sound and robust technology management practices.

We help you analyse your security posture against the MAS TRM guidelines and identify gaps and areas of improvement. Our MAS TRM compliance experts conduct workshops with stakeholders through different stages of the engagement. The workshops are designed for top-level management, decision-makers and risk owners. Our experts identify the systems, applications, infrastructure and technologies that your organisation uses to deliver services to your customers and that are therefore in scope of the MAS TRM Guidelines.

We review your policies, procedures and process documents to see how well they align with the MAS TRM Guidelines to determine compliance and identify gaps and potential areas of improvement.

IMDA

The Infocomm Media Development Authority (IMDA) in Singapore has put a process in place to help companies develop more secure platforms, offering their customers a reduction in subscription costs in return for complying with its regulation.

Technology solution providers who want to be listed as an IMDA pre-approved solution of the ‘SMEs Go Digital’ programme need their solution to be approved by IMDA. One of the assessment criteria is a vulnerability assessment conducted by a qualified third party, and one of the criteria for that engagement is to engage a CREST-certified company like LRQA.

Benefits of being listed as an IMDA pre-approved solution of the ‘SMEs Go Digital’ programme:

  • A Singaporean SME that uses your application can apply to receive a Productivity and Solution Grant to subsidise up to 80% of the cost of using the platform.
  • Your solution or platform will have some technical assurance against it to minimise service impact or data theft, ensuring your solution is more resilient against a cyberattack.
  • A detailed vulnerability assessment report detailing the risks you need to manage and LRQA’s recommendations on how to rectify discovered technical vulnerabilities.

PDPA

The Personal Data Protection Act (PDPA) in Singapore requires organisations to implement reasonable security measures to protect personal data in their possession.

The right approach to information security is critical to achieving PDPA compliance. For many organisations, this requires a significant revision of their security strategy and tactics as PDPA requires organisations to implement a risk-based framework. This framework includes the correct governance structure, policies and operational practices in addition to monitoring, detection and incident response.

LRQA can help you with PDPA compliance by providing:

  • Gap assessments against the PDPA standards for information security and incident response practices, to produce a roadmap to compliance.
  • Monitoring services to support the information security and incident response aspects of PDPA.

NYDFS

Some organisations, as recognised covered entities of the New York State Department of Financial Services (NYDFS), fall under a mandatory compliance requirement to protect Non-public Information (NPI). To do this, you must follow the NYDFS Cyber Security regulation, known as 23 NYCRR 500.

The regulation covers many elements of cyber security which means that it’s essential to review whether your current security posture complies with the relatively new regulatory standard.

LRQA helps you with measures necessary for NYDFS cyber security compliance via:

  • A gap assessment against the 23 NYCRR 500 regulation to identify compliance gaps and recommend remediations, producing a roadmap to compliance.
  • CISO services to create or support your organisation’s information security program and NYDFS cyber security requirements.
  • Writing or updating your policies and working with you on the NYDFS-associated documentation library.
  • Penetration testing and vulnerability scanning to give you the view a criminal threat actor would have of your technologies and platforms.

AASE

The Association of Banks in Singapore (ABS) issued the Adversarial Attack Simulation Exercise (AASE) framework, which leverages threat intelligence and red teaming activity. Although AASE is a framework as opposed to regulation, LRQA can provide full spectrum services to align with these requirements.

GLBA

The Gramm-Leach-Bliley Act (GLBA) was enacted by the Federal Trade Commission of the USA and requires financial services organisations to adhere to a series of security requirements designed to protect non-public personal information.

LRQA can deliver assurance activities and Managed Detection and Response services that are specifically aligned with the requirements of this act.

Award-winning expertise

Our cyber security team continues to achieve multiple vendor certifications, highly respected industry accreditations and international accolades, demonstrating the breadth, depth and impact of their services.

Why work with us?

Specialist expertise

Our cyber security experts hold multiple vendor certifications and accreditations as well as highly respected industry accreditations from CREST, the PCI SSC, ISC2, BCI, Chartered Institute of IT, and NCSC CHECK.

Industry leadership

We lead and shape industry on advisory boards and councils including the PCI SSC Global Executive Assessor Roundtable and CREST councils in the Americas, Asia, EMEA and the UK. We are certified by a range of governing bodies including the payment card industry and are approved as a Qualified Security Assessor.

Everywhere you are

Operating in over 55 countries, with more than 250 dedicated cyber security specialists and over 300 highly qualified information security auditors across the world, we can provide a local service with a globally consistent dedication to excellence.

Award winners

We have been recognised for the breadth and depth of our services – including the TEISS Award for Best Penetration Testing Service in 2024, Enterprise Threat Detection and Cloud Security awards at the Security Excellence Awards 2024 and the Stratus Award for Best Managed Cloud Security Service.

The world leader in CREST accreditations

We are proud to be the only organisation in the world with a full suite of accreditations from The Council of Registered Ethical Security Testers (CREST).

Our team of consultants has achieved the highest accreditations for Penetration Testing, Red Teaming, Incident Response services and Threat Intelligence. In addition, we were the first organisation to be CREST accredited for our Security Operation Centre services.