CCM - ABS Mapping

Cloud Controls Matrix (CCM) - ABS Cloud Computing Implementation Guide Mapping
The Financial Services Industry (FSI) is one of the most important and most regulated sectors in any market. As such, financial institutions (FIs) are typically bound by a multitude of regulations that they need to comply with. In Singapore, for example, FIs are bound by the Banking Act and the Securities and Futures Act. Additionally, there are numerous guidelines / frameworks / best practices recommended for FIs with the intention of improving operations, strengthening governance, and reducing risk, among others. For example, the Monetary Authority of Singapore issued the Technology and Risk Management (TRM) Guidelines, which help FIs minimize technology usage risk.

It is a daunting and challenging, yet necessary, task for conscientious FIs to review the available regulations / guidelines / frameworks / best practices, comply with mandatory regulations, and decide which best practices and recommendations to take heed of, in order to reduce their overall risk exposure and keep up with the industry's progress. This mammoth task gets exponentially more difficult for FIs operating beyond a single country or regulatory space, especially when the relevant regulations and frameworks are constantly evolving.

In the technology space, there are also multiple frameworks and guidelines available, such as the above-mentioned TRM, ISO/IEC 27001 & 27002 and ISACA COBIT. Specific to cloud computing and its related technologies, there are also ISO/IEC 27018, the recently published ISO/IEC 21878, FedRAMP and the Cloud Computing Implementation Guide (CCIG) v2.0 issued by the Association of Banks in Singapore (ABS). Because of this complex landscape, cross-mapping of frameworks is a useful and popular tool for FIs seeking compliance with multiple standards and best practices.
An example is the Cloud Security Alliance (CSA)'s Cloud Controls Matrix (CCM), which illustrates the relationship between CSA's Security Guidance in 14 domains and over 30 industry-accepted global security standards, regulations and controls frameworks.

The Working Group (WG) for CCM-CCIG mapping will aim to perform and verify the mapping between ABS CCIG and CCM. This will effectively evaluate the similarities and gaps between CCIG and the numerous frameworks mapped in the CCM. Singapore FIs that are already in line with CCIG will benefit by being able to easily identify and fulfill the additional controls (gaps) needed on top of the CCIG to achieve adherence to another targeted framework within CCM, which is useful when expanding to other markets.
Scope
The scope for the CCM-CCIG WG includes, but is not limited to: