2018-06-12
Added · Updated
The Hong Kong Monetary Authority issues this letter to outline the phased implementation schedule for the Cyber Resilience Assessment Framework among Authorized Institutions. It establishes a second phase for 60 higher-risk institutions and a third phase for the remaining 90 institutions, while also accepting qualified professionals without specific PDP certification to conduct assessments. The regulator further mandates that institutions address identified control gaps and maintain robust governance to ensure ongoing cybersecurity effectiveness.