The Association of Banks in Singapore (ABS) has developed this implementation guide for Financial
Institutions (FIs) to use when entering into Cloud outsourcing arrangements.
The recommendations that lie within have been discussed and agreed by members of the ABS Standing Committee for Cyber Security (SCCS) with the intent to assist FIs in understanding approaches to due diligence, vendor management and key controls that should be implemented in Cloud outsourcing arrangements. Additionally it can be used by Cloud Service Providers (CSPs) to better understand what is required to achieve successful Cloud outsourcing arrangements with FIs. The guiding principle that information security controls in the Cloud must be at least as strong as what the FIs would have implemented had the operations been performed in-house should apply. In addition, the security controls should also address the unique risks that are associated with outsourcing to the Cloud. These guidelines are set out in the three following sections: