PRESENTATION SUMMARY - 9 basic steps towards TRM compliance
Speaking at Hubbis’ Digital Wealth event in Singapore in June, Sami Benafia of Ingenia Consultants explains how to ensure compliance with Technology Risk Management (TRM) guidelines.
Singapore’s financial watchdog issued TRM Notices in 2015, together with enhanced Guidelines, to help financial institutions address existing and emerging technology risks.
The regulations do not distinguish big from small companies, but how companies interpret regulations to fit their culture and environment will vary.
So all affected firms need to understand how to deal with these – especially since a 2-page document for a Notice might involve 50 pages of Guidelines.
They therefore need to take a practical approach to get started on their TRM journey, explains Sami Benafia, head of sales and marketing at Ingenia Consultants.
His firm’s nine basic steps to approach TRM include: business process mapping; identifying and documenting system and information assets in an inventory; classifying the assets by their confidentiality, integrity and availability; being able to monitor and handle incidents such as a system outage, ransomware attack or data loss; defining risk management as early as possible; and putting in place the controls that protect the assets.
Outsourcing is an increasingly common practice, but it entails a lot of risk if not managed properly, explains Benafia.
A starting point that he suggests is to look at what data is there, including anything that the company creates, processes, transmits or stores.
It is important to highlight that risks are rarely fully eradicated. And not all risks need to be remediated. Further, not all risks can be resolved at the same time.