The Bank of Mauritius has just issued a new Guideline on the use of cloud services which, despite their known advantages, “can expose financial institutions to additional risks.”
This Guideline, which came into effect on 7 September 2022, sets out the general requirements for the use of cloud services and the additional minimum requirements for the use of material cloud services and for cloud services which involve customer information.
“Financial institutions are expected to follow a risk-based approach in respect of cloud services. The level of governance to be applied, the risk assessment, the information security requirements, the types of controls to be deployed, the contingency plans and exit strategies as well as the level of the initial and on-going due diligence and assurance to be performed shall be commensurate with the materiality of the services,” the BoM said.
It also urged financial institutions to have a phased and prudent deployment for material cloud services.
“They should comply with all the requirements of this Guideline and implement additional controls in light of latest international standards and best practices for material cloud services.”
The Central Bank also warned financial institutions to comply with the Guidelines on Outsourcing by Financial Institutions in the event the use of cloud services includes an outsourced activity.
View the Guideline by clicking HERE
Source: Bank of Mauritius