The Securities Commission Malaysia (SC) has implemented revised Guidelines on Technology Risk Management (Guidelines) that came into effect today. These new Guidelines replace the previous Guidelines on Management of Cyber Risk (GMCR), expanding the scope beyond cybersecurity to encompass a broader range of technology risks.
The revised Guidelines, originally introduced in August 2023, are designed to help capital market entities understand and manage various technology risks. Emphasizing the need for operational reliability, security, and resilience against technology disruptions, the Guidelines outline the SC’s expectations for risk management practices within the industry.
Key areas addressed in the Guidelines include the ‘change management’ process, oversight of third-party service providers, reporting requirements, technology audits, and board accountability in managing technology risks. These measures aim to protect the industry from technology-related incidents and ensure a secure and resilient technological environment.
The recent CrowdStrike outage has underscored the vulnerability of digital infrastructure and the significant impact such incidents can…