

What is MAS TRM?

MAS TRM is a comprehensive set of guidelines from the Monetary Authority of Singapore aimed at helping Financial Institutions (FIs) improve their cyber resilience and establish sound and robust technology management practices. MAS TRM is an acronym for ‘Monetary Authority of Singapore Technology Risk Management’.

Benefits Of MAS Compliance

The MAS TRM Compliance service helps an organisation:

  • Determine the maturity of the controls implemented and identify gaps and areas of improvement against the MAS TRM Guidelines.
  • Determine the applicability of controls and assess the policies and processes as well as the security controls to determine the overall maturity and effectiveness of the security posture of your organisation.

The MAS TRM Guidelines aim to promote the adoption of sound and robust security practices for the management of technology risks and, as the name suggests, they are guidelines and are not to be regarded as standards.

Meeting The Challenge

Implementing the MAS TRM cybersecurity guidelines and managing compliance with them is a challenge faced by many organisations, large and small. The requirement to implement controls, be cyber resilient and institute robust risk management and oversight can seem daunting and can be difficult to evaluate.
For those wanting to understand and improve their current security posture, the range of services provided by LRQA Nettitude can be used to baseline your maturity level and help you evolve your information security strategy in alignment with the MAS TRM Guidelines.

About The MAS TRM Compliance Service

  • LRQA Nettitude can help our clients analyse their security posture against the MAS TRM Guidelines and identify gaps and areas of improvement. The MAS TRM Compliance review service provided by LRQA Nettitude will be delivered in a phased approach conducted by experienced consultants. Our consultants are well versed in NIST, ISO 27001:2013, CIS and other industry frameworks, many of which are the building blocks of the MAS TRM Guidelines.
  • Our MAS TRM compliance consultants will conduct workshops with different stakeholders through different stages of the engagement. The workshops are designed for top-level management, decision-makers, risk owners, business lines and IT champions: people who have vested interests in compliance with the MAS TRM Guidelines and can additionally provide input on the scope of the services that your organisation engages in. Our consultants will also identify the systems, applications, infrastructure and technologies that your organisation uses to deliver services to your customers and that are therefore in the scope of the MAS TRM Guidelines.
  • If you are running a security or compliance regime, such as PCI DSS, ISO/IEC 27001:2013 or the NIST Cybersecurity Framework, the service will demonstrate how the work you are already doing brings you closer to achieving compliance with the MAS TRM Guidelines.
  • Our consultants will perform an ISMS review, which is aimed at evaluating the existing ISMS that your organisation has in place. Our consultants will review your policies, procedures and process documents to determine how well they align with the MAS TRM Guidelines, in order to determine compliance and identify gaps and potential areas of improvement.
  • Our consultants will use a combination of substantive and compliance methods to assess your security controls against the clauses provided in the MAS TRM Guidelines and determine how well your organisation is operating these controls. This review will look across your entire organisation to provide you with an indication of your security posture and the risk levels to which you are currently exposed, measured against the MAS TRM Guidelines. It will also provide you with the ability to create SMART activities/objectives to address those risks.
  • LRQA Nettitude firmly believes in operating good security as the foundation of our offerings, so we have broken down the MAS TRM Guidelines Compliance review into a number of distinct activities across the following phases:

Phase 1: Planning and Preparation
During this phase, our consultants will conduct a kick-off meeting and workshops to determine the business context and services of the FI.
Our consultants will also identify the systems, infrastructure and technologies used by the FI that are in scope for the MAS TRM Guidelines.

Phase 2: Fieldwork
During this phase, our consultants will review all existing policies, procedures and processes and assess how effectively the FI has designed controls for technology risk management and cyber resilience.
Our consultants will also perform sample-based testing of the controls to determine the operating effectiveness of the controls designed and implemented.

Phase 3: Reporting and Recommendation
During this phase, our consultants will compile the results of the fieldwork performed and prepare reports to be delivered to your organisation.
The report will detail the gaps identified against the MAS TRM Guidelines and areas of improvement, with detailed issue descriptions as well as recommendations on how the gaps can be remediated.

Our Other Services That Can Help Clients With MAS TRM Guidelines

LRQA Nettitude can help our clients navigate the various controls specified in the MAS TRM Guidelines through a range of services that clients can use based on specific scenarios. The table below provides some of our services mapped to the MAS TRM clause.

LRQA Nettitude Offering

  • Policies and process development
  • Asset Inventory development
  • Third Party Security Assessments
  • Security Awareness Training
  • Source Code Review and Application Security Testing
  • Physical Security Assessments
  • LRQA Nettitude SOC
  • LRQA Nettitude CERT
  • Vulnerability Assessment and Configuration Reviews
  • Penetration Testing
  • LRQA Nettitude Bug Bounty Program
  • LRQA Nettitude Red Teaming and Simulated Targeted Attack and Response (STAR)
  • LRQA Nettitude GRC (Assist with compliance testing and IT Internal Audit)

Why LRQA Nettitude

Founded in 2003, LRQA Nettitude is an award-winning provider of cybersecurity services, bringing innovative thought leadership to the ever-evolving cybersecurity marketplace. Leveraging our tenacious curiosity, we aim to operate at the forefront of the industry. Through our research and innovation centres, LRQA Nettitude provides threat led services that span technical assurance, consulting and managed detection and response offerings.

We are driven by a desire to build and deliver the best cybersecurity propositions in the industry and stay abreast of the evolving legislative and regulatory cybersecurity landscape. This helps our clients to prioritise their cybersecurity risks, enabling them to focus on the activities that are core to their business.

We aim to empower our clients, imparting knowledge, advice and assistance to help them deploy changes in behaviour, understanding, and where appropriate, culture. This methodology is at the core of our services, helping provide pragmatic cybersecurity for industries such as Finance & Banking, IT, Technology and Engineering, Maritime, Offshore, Retail, Healthcare, Manufacturing and Critical National Infrastructure.
