Artifact Peer Review
CCM Gap Analysis Report (ABS CCIG)
The Gap Analysis Report is a companion piece with the CCM Addendum (mapping with Association of Banks in Singapore Cloud Computing Implementation Guide 2.9). The peer review for both documents are intended to be done in parallel. To review the CCM Addendum, follow this link: https://cloudsecurityalliance.org/artifacts/ccm-addendum-abs-ccig The financial services industry is one of most important and regulated sectors in any market. It is typically bounded by a multitude of regulations that financial institutions (FIs) need to comply with. It is both daunting and challenging, yet a necessary task for conscientious FIs to review these available regulations / guidelines / frameworks / best practices, comply with mandatory regulations, and make decisions about which best practices and recommendations to take heed of, in order to reduce their overall risk exposure and keep up with the industry’s progress. This mammoth task gets exponentially difficult for FIs operating beyond a single country or regulatory space, especially when relevant regulations and frameworks are constantly evolving. Because of this complex landscape, mapping of frameworks is a useful and popular tool for FIs looking to seek compliance to multiple standards and best practices. In this exercise, the Working Group mapped the Association of Banks in Singapore (ABS) Cloud Computing Implementation Guide (CCIG) 2.0 to CSA’s Cloud Controls Matrix 3.0.1, and summarized the mapping results in the accompanying Gap Analysis Report. Singapore FIs who are already in line with ABS CCIG 2.0 will benefit through being able to easily identify and fulfill additional controls (gaps) on top of the ABS CCIG 2.0 to achieve adherence to other targeted frameworks within CCM, which is useful when expanding to other markets.