Brief on MAS-TRM Compliance & Audit

The Monetary Authority of Singapore (MAS) was established as the country’s central bank and financial regulatory authority on 1 January 1971. The Bank passed the Monetary Authority of Singapore Act that enables MAS to exercise control over financial institutions and empowers it to regulate and supervise various statutes including the Banking Act, the Insurance Act, the Securities and Futures Act, and the Financial Advisers Act. With an aim to secure the information systems of Financial Institutes, the Monetary Authority of Singapore issued the Technology Risk Management Guidelines. These guidelines are statements of best practices that Financial Institutes are expected to follow to protect customers’ financial data, transactional data, and systems. However, it has been clearly stated that these guidelines are not legally binding but form a benchmark for MAS in assessing the risk of financial institutions.

    Our Approach to MAS-TRM Consulting & Audit

    Initial Study

    Our initial study involves understanding your business processes and environment. This enables us to consolidate the scope, thereby helping you reduce the cost and time of implementation.

    Scope Definition

    We support your management in Scope Definition, which includes setting timelines, responsibilities and budget for the implementation.

    Gap Analysis

    We conduct an “as-is” Gap Analysis of your organization vis-à-vis the standard and help your team fix the gaps.

    Conduct Awareness Session

    We conduct an awareness session for your IT team and relevant personnel on MAS TRM Compliance and further discuss their roles, responsibilities and timelines.

    Asset Inventory

    Our team identifies your critical information assets, classifies them and creates an asset inventory.

    Risk Assessment

    Our experts conduct a detailed Risk Assessment to identify what can go wrong with which asset and how it will impact your organization.

    Risk Treatment

    In sync with our Tech Team, our experts rank the risks and help you strategize the Risk Treatment measures.

    SOP Document Set

    With all data in hand, our team then creates the SOP document set. Your inputs are required ONLY to validate the same.

    VA/PT

    We conduct internal/external Vulnerability Assessment and Penetration Testing of your servers and networks.

    Rolling Out Recommendations

    Our Infrastructure Advisory Services team shall support your internal team in rolling out the recommendations based on the assessment findings and reports.

    User Training

    Specialised personnel then conduct User Training of ALL personnel covered in scope on their specific responsibilities.

    Pre-assessment

    After a reasonable gestation period, a separate team of experts conducts a Pre-assessment of your setup.

    Continual Support

    If you so wish, we can take over the responsibility for Continually Supporting (Managed Compliance Services) your organization to stay MAS TRM Compliant.

    Benefits of working with VISTA InfoSec

    Why work with VISTA InfoSec?

    Singapore Based – Our attestation is provided by our office in Singapore to ensure maximum accountability and market acceptability of our reports.
    Trusted Auditors – Our auditors have relevant certifications such as CISA / CISSP, etc., with at least 12-15 years of experience.
    Years of Experience – Your organization will benefit from our more than a decade long industry experience and knowledge.
    End-to-end support – Our team will hand-hold you at every stage of the Compliance process including the design of controls and documentation as may be required.
    Robust security & risk management solution – We will provide you with a comprehensive solution, designed to meet your requirements.
    Reports detailing the analysis findings – We will provide you documents detailing the findings of the analysis and provide relevant recommendations for the same.
    Training videos and materials – We will provide you valuable training videos and materials for the ongoing training of your personnel.
    Vendor neutral Company – We believe in being your true consulting / audit partners by not indulging in sales of hardware/software that might create bias.
    Strictly No Outsourcing – We value your trust in us so we do not outsource your critical assignments to another third party.
    Frequently Asked Questions

    Frequently Asked Questions on MAS-TRM Consulting & Audit

    The TRM Guidelines are statements of best practices expected to be adopted by every Financial Institute. However, these statements should not be regarded as standards for Financial Institutes to abide by. Financial Institutes may adopt these guidelines, considering the business operations they engage in and the markets in which they conduct transactions. Financial Institutes should apply the Guidelines that are contextually relevant to the regulatory requirements and industry standards.

    MAS-TRM Audit cost for an average-sized company starts at $12000. Pricing for the audit depends on several factors, including the Scope of Audit, Business Applications, Technology Platforms, Number of Locations, and other additional services.

    On average it takes 4-6 weeks to complete MAS-TRM Audit. However, the timeline also greatly depends on the time taken for implementing the remediation suggested in the gap analysis.

    You will receive an audit report documenting the details of the effectiveness of the Organization’s system and controls. The report will detail information about how your information is secured with all necessary controls in place. Additionally, we also provide a “Certificate of Compliance” that you can show your clients and also proudly hang on your office walls and conference rooms.

    The MAS TRM Report is only valid for a year or 12 months from the date of issue and, as per the Industry Standard requirement, the Audit must be performed annually, or at least when significant changes are introduced that may impact systems and controls in an environment.

    Improve the Organization’s Security Posture
    Prevent potential incidents of breach/theft
    Prevent Regulatory Consequences
    Facilitate Business Continuity
    Facilitate efficient Risk Management
