We know that customers are excited about the new Oracle Cloud region in Singapore and, rest assured, the feeling is mutual. We’re excited for all the benefits that the region will bring to Singapore—like reduced latency and support for data residency requirements.
Enabling customers to run workloads in Singapore opens new possibilities, and we understand that customers in regulated industries have additional requirements they need to meet before using Oracle Cloud Infrastructure. This rings especially true in the financial sector, where customers are expected to adhere to various regulatory requirements and guidelines, such as those from the Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS).
To help support our customers in Raffles Place, we’re addressing how Oracle’s practices and policies align with the MAS and ABS guidelines.
Monetary Authority of Singapore (MAS)
For those who aren’t familiar, MAS is the central bank and financial regulatory authority of Singapore. In 2013, MAS published the Monetary Authority of Singapore – Technology Risk Management Guidelines outlining technology risk management principles and best practices for the financial sector. In January 2021, the Technology Risk Management (TRM) Guidelines were revised to reflect the latest trends in technology developments and cyber threats.
In order to demonstrate the resiliency of OCI data centers, we published an advisory paper that addressed Section 8.5 of the updated TRM Guidelines focused on Data Centre Resilience. It outlines several Oracle policies and practices that can help determine how suitable OCI is for your organization.
In addition, we also published a related advisory paper that explains OCI policies and practices related to Singapore’s updated MAS TRM guidelines titled Oracle Cloud Infrastructure Practices in the Context of the Technology Risk Management Guidelines.
This advisory paper demonstrates how our practices and policies align with the MAS guidelines. The MAS TRM advisory paper addresses the following topics:
- Technology Risk Governance and Oversight
- Technology Risk Management Framework
- IT Project Management and Security-by-Design
- Software Application Development and Management
- IT Service Management
- IT Resilience
- Access Control
- Cryptography
- Data and Infrastructure Security
- Cyber Security Operations
- Cyber Security Assessment
- IT Audit
The Association of Banks in Singapore (ABS)
Closely related to MAS are the ABS guidelines. ABS is a non-profit organization that represents the interests of the commercial and investment banks operating in Singapore. In 2015, ABS released the Guidelines on Control Objectives and Procedures for Outsourced Service Providers that outlines what banking customers should look for in an outsourced service provider.
A non-exhaustive list of ABS guidelines include:
- Control Environment
- Risk Assessment
- Information and Communication
- Information Security Policies
- Practices related to Sub-Contracting
- Logical and Physical Security
- Incident and Change Management
- Backup and Disaster Recovery
- Network and Security Management and Incident Response
- Technology Refresh Management
Losing data or a security breach will certainly impact the reputation of the financial institution. These guidelines will be outsourcing of services while not outsourcing risk and complying with ABS guidelines, financial institutions ensure their controls and operations are secure.
Next steps
Data regulation compliance can be seen as an opportunity for organizations to improve the way in which they handle data and bring their processes up to speed in a digital era.
With the launch of the Singapore region our customers in southeast Asia can harness the power of Oracle Cloud, unlocking innovation, and driving business growth.
We’re always committed to making our customers successful in the cloud. If you want more information on how to use Oracle Cloud in your region, contact one of our representatives.