Ivan Spiteri
The MFSA has devised four Principles which provide guidance and clarity of expectations of entities to maintain compliance, or to become compliant with the Guidance document issued by the MFSA:
Principle 1 – Proportionality
The nature of the Licence Holder’s operations and risk tolerance should be considered, as well as the service offered by the Licence Holder to efficiently achieve compliance.
Principle 2 – Principles-based consistency of Outcomes
The MFSA’s objective is to achieve a consistent level of compliance across all Licence Holders in all sectors, irrespective of the method of Technology Arrangement adopted. The Guidance does not favour one service model over another, however instead, objectively strives for meeting a standard level of compliance.
Principle 3 – Information Assurance (IA) in Technology Arrangements
A Technology Arrangement design should ensure the inclusion and consideration of the 5 Pillars governing Information Assurance: Authentication, Availability, Confidentiality, Integrity and Non-repudiation.
Principle 4 – Approach to Cloud Computing
Adoption of Cloud Computing should be formed on sound governance and management. This should also consider the guidance principles as outlined in the ‘Guiding Principles for Cloud Computing Adoption and Use’ issued by ISACA: Enablement, Cost benefit, Enterprise Risk, Capability, Accountability and Trust.