HKMA TM-G-1 is the Supervisory Policy Manual module for technology risk management. It covers technology governance, IT operations, security, system development, outsourcing, cyber resilience, incident management, and assurance.
Official source
What teams need to do
- Confirm the current TM-G-1 module version.
- Map systems, data, providers, access, recovery requirements, and business services.
- Maintain controls for access, vulnerability, patching, logging, backup, change, and incident
response.
- Review technology outsourcing and cloud providers.
- Preserve assurance, remediation, and reporting evidence.
Evidence to maintain
- Technology risk policies and system inventory.
- Provider and cloud records.
- Access, vulnerability, incident, recovery, testing, and audit evidence.
- Monitoring and remediation.
Common gaps
- Technology providers are not linked to system criticality.
- Cloud dependencies are not connected to recovery planning.
- Incidents do not update provider risk.
How Halbarad helps
Halbarad helps map technology providers to systems, data, controls, incidents, downstream parties, and remediation.
Disclaimer
This guide is for general information only and is not legal advice. Review the official regulation, guidance, and supervisory materials, and consult qualified counsel or compliance advisors for your organization's specific obligations.