Gap Analysis Report - Mapping of the Association of Banks in Singapore Cloud Computing Implementation Guide 2.0 to Cloud Security Alliance Cloud Controls Matrix v3.0.1

This document is an addendum to the CCM v3.0.1 and contains a controls mapping and gap analysis between the CSA CCM and the Association of Banks in Singapore Cloud Computing Implementation Guide 2.0. The CCM Addendum (mapping with Association of Banks in Singapore Cloud Computing Implementation Guide 2.0) is a companion piece with the Gap Analysis Report.

The financial services industry is one of most important and regulated sectors in any market. It is typically bounded by a multitude of regulations that financial institutions (FIs) need to comply with. It is both daunting and challenging, yet a necessary task for conscientious FIs to review these available regulations / guidelines / frameworks / best practices, comply with mandatory regulations, and make decisions about which best practices and recommendations to take heed of, in order to reduce their overall risk exposure and keep up with the industry’s progress. This mammoth task gets exponentially difficult for FIs operating beyond a single country or regulatory space, especially when relevant regulations and frameworks are constantly evolving.

Because of this complex landscape, mapping of frameworks is a useful and popular tool for FIs looking to seek compliance to multiple standards and best practices. In this exercise, the Working Group mapped the Association of Banks in Singapore (ABS) Cloud Computing Implementation Guide (CCIG) 2.0 to CSA’s Cloud Controls Matrix 3.0.1, and summarized the mapping results in the accompanying Gap Analysis Report. Singapore FIs who are already in line with ABS CCIG 2.0 will benefit through being able to easily identify and fulfil additional controls (gaps) on top of the ABS CCIG 2.0 to achieve adherence to other targeted frameworks within CCM, which is useful when expanding to other markets.