The changes were primarily made in response to the SolarWinds cyberattack, which has impacted many organisations around the world. The highlight of the latest TRM guidance is that financial institutions such as banks, payment providers, brokerages and insurance providers must now audit their technology vendors and those vendors' suppliers on their security measures and cyber-risk management. They must also determine whether secured mechanisms are used to interact with the institution's APIs that send and receive information. Source code validation may be requested from vendors as part of the new changes.

The key challenges in responding to the new MAS guidelines

IT departments in financial institutions may face one or more of the following issues when preparing to meet new MAS compliance requirements such as mandatory vendor audits:

  • Information from different stakeholders arrives in different formats, such as Excel or Word documents, so consolidating the required information takes a long time.

  • Information can be duplicated or simply missing. IT Managers would analyse and determine whether the information gathered is accurate, and typically start with a list of applications, but that list may lack supporting information such as vendors, or may even contain mistakes. Sorting through and correcting these issues takes up a lot of time, and no progress is made on required activities such as starting to audit vendors.

  • Another challenge for IT Managers is that when capturing more information, they may have to update several different documents to keep them consistent, which is a lot of work and invites manual errors.

  • Information gathered can hardly be analysed or contextualised. Information in an IT organisation is usually found in Excel and Word documents. These have one dimension, which is to say they provide only one view of the information. Within an enterprise, software technologies can be re-used in different applications across the IT landscape; a database management system used by several applications is one example. When an IT Manager looks at the information in these documents, the typical view is either by application or by software technology. But if IT Managers need to understand the impacts and see the connected overview, that is not possible using Word and Excel.

The advantages of using an IT Portfolio Management solution to audit technology vendors

An IT Portfolio Management solution can help financial institutions assess their technology vendors and those vendors' suppliers. Here are the main advantages:

1. Easily retrieve up-to-date information about IT and its related records

An IT Portfolio Management solution holds a single source of information for the enterprise. Having all the information, such as application records, in one place saves time when gathering information for analysis. IT Managers can then delegate responsibility for updating information to the specific stakeholders who hold the most current information. This helps keep the information fresh, such as the last time a software's source code was tested, and allows frequent updates to provide timely information.

2. Have a single source of truth to record additional information related to compliance

Having baselined and structured information makes it easy to respond to new requirements: the information required can be extended from the base information already captured. Supporting information such as technology usage and vendors is already captured as standard in a solution like HOPEX ITPM. To meet the additional TRM use case, information such as vendor audits can be captured as part of the vendor information record, as and when they are conducted. With a connected, contextualised way of collecting information, the compliance information builds on top of the existing information.

3. Generate reports to share key indicators

Collecting relevant information is only part of the work to meet compliance requirements; IT Managers must also quickly deliver the output that management and auditors require. Usually, that output is a consolidated view of the completeness of required activities. For example, a report is needed to check which vendors have completed their audits and which applications are provided by those vendors. Tools like HOPEX ITPM can generate such reports from the information captured.
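The connected application-to-technology-to-vendor view described under the challenges above, and the vendor audit report described here, as an added illustration in Python; this is not code from the original post or from HOPEX ITPM, and the vendor, technology and application names are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple
# Constructed sample data with hypothetical vendor, technology and application names.
@dataclass(frozen=True)
class Vendor:
    name: str
    audit_completed: bool          # has the vendor audit been completed?
@dataclass(frozen=True)
class Technology:
    name: str
    vendor: str                    # name of the vendor supplying this technology
@dataclass(frozen=True)
class Application:
    name: str
    technologies: frozenset        # technologies the application is built on
VENDORS = {v.name: v for v in [
    Vendor("DBVendorCo", audit_completed=True),
    Vendor("MQVendorCo", audit_completed=False),
    Vendor("OSVendorCo", audit_completed=True),
]}
TECHNOLOGIES = {t.name: t for t in [
    Technology("SQLDB", "DBVendorCo"),      # database product reused by several applications
    Technology("MsgQueue", "MQVendorCo"),
    Technology("ServerOS", "OSVendorCo"),
]}
APPLICATIONS = [
    Application("Payments", frozenset({"SQLDB", "MsgQueue", "ServerOS"})),
    Application("Trading", frozenset({"SQLDB", "ServerOS"})),
    Application("CRM", frozenset({"MsgQueue"})),
]

def applications_by_vendor(apps, techs) -> Dict[str, Set[str]]:
    """Follow application -> technology -> vendor and invert the links."""
    result: Dict[str, Set[str]] = {}
    for app in apps:
        for tech_name in app.technologies:
            result.setdefault(techs[tech_name].vendor, set()).add(app.name)
    return result

def audit_report(vendors, apps, techs) -> List[Tuple[str, bool, List[str]]]:
    """One row per vendor: name, audit completed?, applications it supplies."""
    usage = applications_by_vendor(apps, techs)
    return [(v.name, v.audit_completed, sorted(usage.get(v.name, ())))
            for v in sorted(vendors.values(), key=lambda v: v.name)]

def unaudited_exposure(vendors, apps, techs) -> Set[str]:
    """Applications relying on at least one vendor whose audit is not yet done."""
    usage = applications_by_vendor(apps, techs)
    return {app for name, used_by in usage.items()
            if not vendors[name].audit_completed for app in used_by}
```

The inverted view is what a flat per-application spreadsheet cannot give directly: a vendor that has not completed its audit is traced to every application that depends on it through shared technology.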

 

Being prepared for changes and new requirements in regulatory compliance becomes easier when there is a well-defined, maintained IT Portfolio.

Using HOPEX ITPM as an IT Portfolio Management solution shows how IT information can be connected to provide a complete view of the IT landscape. With the systematic approach of HOPEX ITPM and a structured, maintained information pool, IT Managers can reduce the churn of gathering and sorting through information and focus on engaging stakeholders in managing risk and compliance in the enterprise. HOPEX ITPM also provides an easy way of preparing reports from the contents of the IT Portfolio for stakeholders and management.
