2026-01-08

Added · Updated

Practice Guide on Cloud Adoption

The regulator issued the Practice Guide on Cloud Adoption on January 8, 2026, to provide updated guidance for all authorized institutions regarding cloud computing risks. This document supersedes previous archived guidance on cloud computing and aligns with broader operational resilience and technology risk management principles. It establishes requirements for internal controls, insourcing, outsourcing, and cybersecurity measures associated with cloud adoption.

Hong Kong Monetary Authority logo

Hong Kong

Hong Kong Monetary Authority

Click to view thumbnail

CIR

Current

Issue Date:

08 Jan 2026

20260108-3-EN.pdf (182.5 KB)

Topic:

Internal Controls - Insourcing/Outsourcing

Operational Risk Management - Others

Technology Risk Management - Cybersecurity

Technology Risk Management - Others

Group:

All Authorized Institutions

Directly related Document

Cross referenced Document

Version History

Superseded Document

Directly related Document

Practice Guide on Cloud Adoption

Annex

Current

08 Jan 2026

Enclosure - Practice Guide on Cloud Adoption

SPM-NGL

Current

31 May 2022

OR-2 Operational Resilience

SPM-NGL

Current

24 Jun 2003

TM-G-1 General principles for technology risk management

SPM-NGL

Current

28 Dec 2001

SA-2 Outsourcing

CIR

Archive

31 Aug 2022

Guidance on Cloud Computing

CIR

Archive

31 Aug 2022

Guidance on Cloud Computing

Annex: Guidance on Cloud Computing

Practice Guide on Cloud Adoption

Annex

Current

08 Jan 2026

Enclosure - Practice Guide on Cloud Adoption

SPM-NGL

Current

31 May 2022

OR-2 Operational Resilience

SPM-NGL

Current

24 Jun 2003

TM-G-1 General principles for technology risk management

SPM-NGL

Current

28 Dec 2001

SA-2 Outsourcing

Version History

CIR

Archive

31 Aug 2022

Guidance on Cloud Computing

CIR

Archive

31 Aug 2022

Guidance on Cloud Computing

Annex: Guidance on Cloud Computing

You may also be interested in

CIR

Current

24 May 2016

Cybersecurity Fortification Initiative

CIR

Current

21 Dec 2016

Cybersecurity Fortification Initiative

CIR

Current

03 Nov 2020

Cybersecurity Fortification Initiative 2.0