RiskPedia
MAS TRM Readiness Check

Score each MAS TRM domain.

Nine MAS TRM control domains. Mark each (0=None / 1=Partial / 2=Mostly / 3=Fully) and we'll surface a heat-map.

Domain 1 · MAS TRM §3
Technology Risk Governance

Board approves IT risk strategy; ITRC/TRMC committees meet ≥quarterly with documented minutes.

Domain 2 · MAS TRM §4
Technology Risk Management Framework

Documented TRM framework with risk identification, assessment, treatment, monitoring and reporting processes.

Domain 3 · MAS TRM §5
IT Resource Management

Defined roles (CIO/CISO), skills inventory, succession planning, ongoing training programme.

Domain 4 · MAS TRM §6
Systems Acquisition & Development

Secure SDLC with code review, threat modelling and penetration testing before production release.

Domain 5 · MAS TRM §7
IT Service Management

Change management, problem management, capacity & availability management aligned to ITIL.

Domain 6 · MAS TRM §8
Systems Reliability, Availability & Recoverability

Critical systems with RTO ≤ 4 hours, annual DR drills, hot/warm/cold standby per criticality.

Domain 7 · MAS TRM §9
Data Centre Protection

Tier-3+ data centres with multi-zone redundancy, environmental controls and physical access logs.

Domain 8 · MAS TRM §10
Network & Infrastructure Security

Segmentation, perimeter defence, secure remote access, encrypted traffic, monitored SOC.

Domain 9 · MAS TRM §11–14
Cyber Security & Third-Party Risk

Vendor risk tiering, due diligence, exit plans, concentration risk monitoring (esp. cloud).
