PETALING JAYA: The Securities Commission’s (SC) has kicked off its revised guidelines on technology risk management with effect from Aug 19, 2024.

In a statement, the SC said the guidelines supersede the Management of Cyber Risk.

“The guidelines were initially released in August 2023 for capital market entities to be familiar with risk management practices, which now expand beyond cyber security to include technology risks, among others.

“The revised guidelines emphasise the significance of strengthening operational reliability, security and resilience against technology disruptions.”

The guidelines also set out the SC’s expectations on risk management practices to be adopted by industry.

“The key areas covered include ‘change management’ process, third party service providers, reporting requirements, technology audit, board oversight and accountability over technology risks.”

The SC noted that the CrowdStrike outage highlighted the vulnerability of the digital infrastructure and the widespread impact such incidents can have on organisations.

“It also emphasises the importance of regulations like the guidelines in strengthening operational resilience practices. In light of this incident, it is imperative that all capital market entities recognise the importance of observing the guidelines. This not only protects against immediate technology risks, but also builds a resilient, secure, and ethical technological landscape for the future.”The SC said this initiative underscores its ongoing efforts to strengthen Malaysia’s capital market and investor confidence.