Back

Refrain from implementing systems that are beyond the organization's risk acceptance level.


CONTROL ID
13054
CONTROL TYPE
Acquisition/Sale of Assets or Services
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Conduct a risk assessment to determine operational risks as a part of the acquisition feasibility study., CC ID: 01135

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • The FI should refrain from implementing and running a system where the threats to the safety and soundness of the IT system are insurmountable and the risks cannot be adequately controlled. (ยง 4.4.5, Monetary Authority of Singapore: Technology Risk Management Guidelines)