MFSA Guidance Principles

The MFSA has outlined four principles to guide entities in achieving or maintaining compliance with the ICT Guidance document.

The MFSA has devised four Principles which provide guidance and clarity of expectations of entities to maintain compliance, or to become compliant with the ICT Guidance document issued by the MFSA:

 

Principle 1 – Proportionality 

The nature of the Licence Holder’s operations and risk tolerance should be considered, as well as the service offered by the Licence Holder to efficiently achieve compliance. 

 

Principle 2 – Principles-based consistency of Outcomes 

The MFSA’s objective is to achieve a consistent level of compliance across all Licence Holders in all sectors, irrespective of the method of Technology Arrangement adopted. The Guidance does not favour one service model over another, however instead, objectively strives for meeting a standard level of compliance.

 

Principle 3 – Information Assurance (IA) in Technology Arrangements 

A Technology Arrangement design should ensure the inclusion and consideration of the 5 Pillars governing Information Assurance: Authentication, Availability, Confidentiality, Integrity and Non-repudiation.

The assurance that someone cannot deny the validity of something.

Preserving authorised restrictions on information access & disclosure, e.g protecting personal privacy & proprietary information.

Guarder against improper information modification or destruction and included ensuring information non-repudiation & authenticity.

Ensuring timely and reliable access and use of information by authorized users.

The process of determining whether someone or something is, in fact, who or what it declares itself to be.

Principle 4 – Approach to Cloud Computing 

Adoption of Cloud Computing should be formed on sound governance and management. This should also consider the guidance principles as outlined in the ‘Guiding Principles for Cloud Computing Adoption and Use’ issued by ISACA: Enablement, Cost benefit, Enterprise Risk, Capability, Accountability and Trust.


Want to know more?

Key Contacts

Get in touch with our technology experts

Ivan Spiteri Director Technology BDO Malta

Ivan Spiteri

Director of Technology Advisory & Assurance
View bio