What is OSPAR?

As financial institutions digitise and outsource critical business functions, protecting their customers’ confidential data, preventing disruptions to critical services, and safeguarding against cyberthreats have never been more important. These requirements demand that their outsourced partners have in place security and control measures to ensure that confidential data is managed to the highest standards.

In June 2015, the ABS issued a set of guidelines for which Outsourced Service Providers (OSPs) are to be audited against annually in accordance with the Singapore Standard on Assurance Engagements 3000 (Revised) for assurance engagements other than audits or reviews of historical financial information.

 

ABS OSPAR Compliant


What controls does OSPAR cover?

1. ENTITY-LEVEL CONTROLS
Such controls include but are not limited to risk assessment, information and communication, information security policies, as well as human resources policies and practices.

2. GENERAL INFORMATION TECHNOLOGY (IT) CONTROLS
Such controls include but are not limited to change and incident management, backup and disaster recovery (DRP), network and security management, and security incident response.

3. SERVICE CONTROLS
Such controls include but are not limited to setting up new clients, safeguarding assets, as well as service reporting and monitoring.

Benefits for FIs and their clients

Being ABS OSPAR-certified is a guarantee to FIs and their clients that the OSP complies with at least a minimum standard of controls and measures expected by the financial services industry. It also minimises the number of service control audits of the OSP required by the FI.

Why Stone Forest IT?

Apart from being ABS OSPAR-certified, Stone Forest IT is backed by a team of certified professionals across the infrastructure, network and security domains. This underscores our commitment to consistently provide clients with quality managed IT services backed by strong internal controls and safeguards of the highest standards.