CCM Addendum for Associated Banks of Singapore

Written by: Co-chair - Arun VIVEK, Head of Cloud & Container Security – Cyber Security Services, Standard Chartered Bank

CSA CCM & Association of Banks in Singapore Cloud Computing Implementation Guide 2.0 Controls

This week CSA released a Cloud Controls Matrix (CCM) addendum and Gap Analysis Report for Associated Banks of Singapore. The report will help Singapore financial institutions who are already in line with ABS CCIG 2.0 to easily identify and fulfill additional controls (gaps) on top of the ABS CCIG 2.0 and to achieve adherence to other targeted frameworks within CCM.

The financial services industry is one of the most critical sectors in any market, and financial institutions (FIs) face myriad regulations. In the case of Singapore FIs, for example, the Banking Act oversees banking institutions, the Securities and Futures Act governs capital market intermediaries, and the Insurance Act regulates insurers. Additionally, there are numerous guidelines, frameworks, and best practices recommended for FIs designed to improve operations, enhance governance, and reduce risks, among other goals. For example, the Monetary Authority of Singapore issued the Technology and Risk Management (TRM) Guidelines to help FIs minimize technology usage risk.

While challenging, it is imperative that conscientious FIs routinely review these available regulations, guidelines, frameworks, and best practices. These FIs should comply with mandatory regulations and carefully analyze which best practices and recommendations to adopt to reduce overall risk exposure and keep up with industry progress. This mammoth task gets exponentially difficult for FIs operating beyond a single country or regulatory space, especially when relevant regulations and frameworks are constantly evolving. There are multiple frameworks and guidelines available in the technology space, such as the above-mentioned TRM, ISO/IEC 27001 & 27002, and ISACA COBIT. There are also ISO/IEC 27018, the recently published ISO/IEC 21878, FedRAMP, and the Cloud Computing Implementation Guide (CCIG) 2.0 2 issued by the Association of Banks in Singapore (ABS) that are specific to cloud computing and its related technologies.

The capacity to map frameworks is a useful and popular tool for FIs seeking compliance under multiple standards and best practices. The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) 3 — currently at v3.0.1—provides FIs with this capability because it illustrates the relationship between CSA’s Security Guidance 4 in 14 domains with more than 30 industry- accepted global security standards, regulations, and controls frameworks.

This release comprises a mapping and gap analysis report between the cloud security requirements of Cloud Control Matrix (CCM) V3.0.1 and those of the ABS CCIG 2.0. This effort effectively evaluates the similarities and additional controls that serve to bridge the gap between ABS CCIG 2.0 and the numerous frameworks mapped in the CCM. Singapore FIs which are already in line with ABS CCIG 2.0 will easily identify and fulfill additional controls on top of the ABS CCIG 2.0 to achieve adherence to other targeted frameworks within CCM, which is useful when expanding to other markets.

Download the mapping & gap analysis report below:

• Gap Analysis Report
• CCM Addendum (controls mapping with the ABS CCIG 2.0))