2026-01-08
Added · Updated
The regulator issued the Practice Guide on Cloud Adoption on January 8, 2026, to provide updated guidance for all authorized institutions regarding cloud computing risks. This document supersedes previous archived guidance on cloud computing and aligns with broader operational resilience and technology risk management principles. It establishes requirements for internal controls, insourcing, outsourcing, and cybersecurity measures associated with cloud adoption.
CIR
Current
Issue Date:
08 Jan 2026
20260108-3-EN.pdf (182.5 KB)
Topic:
Internal Controls - Insourcing/Outsourcing
Operational Risk Management - Others
Technology Risk Management - Cybersecurity
Technology Risk Management - Others
Group:
All Authorized Institutions
Directly related Document
Cross referenced Document
Version History
Superseded Document
Directly related Document
Practice Guide on Cloud Adoption
Annex
Current
08 Jan 2026
Enclosure - Practice Guide on Cloud Adoption
SPM-NGL
Current
31 May 2022
OR-2 Operational Resilience
SPM-NGL
Current
24 Jun 2003
TM-G-1 General principles for technology risk management
SPM-NGL
Current
28 Dec 2001
SA-2 Outsourcing
CIR
Archive
31 Aug 2022
Guidance on Cloud Computing
CIR
Archive
31 Aug 2022
Guidance on Cloud Computing
Annex: Guidance on Cloud Computing
Practice Guide on Cloud Adoption
Annex
Current
08 Jan 2026
Enclosure - Practice Guide on Cloud Adoption
SPM-NGL
Current
31 May 2022
OR-2 Operational Resilience
SPM-NGL
Current
24 Jun 2003
TM-G-1 General principles for technology risk management
SPM-NGL
Current
28 Dec 2001
SA-2 Outsourcing
Version History
CIR
Archive
31 Aug 2022
Guidance on Cloud Computing
CIR
Archive
31 Aug 2022
Guidance on Cloud Computing
Annex: Guidance on Cloud Computing
You may also be interested in
CIR
Current
24 May 2016
Cybersecurity Fortification Initiative
CIR
Current
21 Dec 2016
Cybersecurity Fortification Initiative
CIR
Current
03 Nov 2020
Cybersecurity Fortification Initiative 2.0