Requirements on technology risk management for insurers.
This notice applies to all licensed insurers, except captive insurers and marine mutual insurers.
It sets out requirements for the identification of critical systems, and for insurers to maintain high availability and recovery time objective for critical systems. Insurers are also required to notify MAS of relevant incidents according to the prescribed timeline and format.
Insurers must also implement IT controls to protect customer information from unauthorised access or disclosure.
See also: