2024-09-27

Added · Updated

Good Practices for Managing Third-Party IT Solutions

The regulator issues guidance on managing risks associated with third-party IT solutions by enhancing risk assessment processes throughout the vendor life cycle. Institutions are required to implement robust IT change management, privileged access controls, and preparedness protocols for IT incidents to mitigate operational and security impacts. These measures include adopting gradual deployment strategies, ensuring least-privilege access, and establishing clear communication and recovery procedures for large-scale outages.

Hong Kong Monetary Authority logo

Hong Kong

Hong Kong Monetary Authority

Click to view full text