2026-01-08

Added · Updated

Practice Guide on Cloud Adoption

The Hong Kong Monetary Authority issued this Practice Guide on Cloud Adoption to provide regulatory expectations for authorized institutions utilizing cloud services. It establishes requirements for internal controls, operational resilience, and technology risk management to ensure robust cybersecurity and outsourcing governance. The document supersedes previous guidance on cloud computing and aligns with broader frameworks for operational resilience and general technology risk principles.

Hong Kong Monetary Authority logo

Hong Kong

Hong Kong Monetary Authority

Click to view thumbnail

CIR

Current

Issue Date:

08 Jan 2026

20260108-2-EN.pdf (2.0 MB)

Topic:

Internal Controls - Insourcing/Outsourcing

Operational Risk Management - Others

Technology Risk Management - Cybersecurity

Technology Risk Management - Others

Group:

All Authorized Institutions

Directly related Document

Cross referenced Document

Version History

Superseded Document

Directly related Document

Practice Guide on Cloud Adoption

CIR

Current

08 Jan 2026

Practice Guide on Cloud Adoption

SPM-NGL

Current

31 May 2022

OR-2 Operational Resilience

SPM-NGL

Current

24 Jun 2003

TM-G-1 General principles for technology risk management

SPM-NGL

Current

28 Dec 2001

SA-2 Outsourcing

CIR

Archive

31 Aug 2022

Guidance on Cloud Computing

CIR

Archive

31 Aug 2022

Guidance on Cloud Computing

Annex: Guidance on Cloud Computing

Practice Guide on Cloud Adoption

CIR

Current

08 Jan 2026

Practice Guide on Cloud Adoption

SPM-NGL

Current

31 May 2022

OR-2 Operational Resilience

SPM-NGL

Current

24 Jun 2003

TM-G-1 General principles for technology risk management

SPM-NGL

Current

28 Dec 2001

SA-2 Outsourcing

Version History

CIR

Archive

31 Aug 2022

Guidance on Cloud Computing

CIR

Archive

31 Aug 2022

Guidance on Cloud Computing

Annex: Guidance on Cloud Computing

You may also be interested in

CIR

Current

24 May 2016

Cybersecurity Fortification Initiative

CIR

Current

21 Dec 2016

Cybersecurity Fortification Initiative

CIR

Current

03 Nov 2020

Cybersecurity Fortification Initiative 2.0