OR-05 IT Operations & Resilience

Regulatory & Compliance Monitoring

Applicable obligations are tracked and assessed.

Domain: IT Operations & Resilience
Control type: Detective
Automated / manual: Manual
Frequency: Periodic
Framework reference: MAS; PDPA

What good looks like

A process tracks technology/regulatory obligations and assesses compliance.

Risk if it fails

Regulatory breaches, penalties, licensing impact.

How Tess tests it

3 tests — each concludes only on cited evidence.

Obligations register/tracking defined

Design

Procedure: Inspect the register.
Expected: Defined.
Sample: 1 (design inspection)
Evidence: Compliance register/obligations matrix.

Obligations mapped (MAS/PDPA/etc.)

Operating

Procedure: Inspect the mapping.
Expected: Complete mapping.
Sample: Judgmental, by population (e.g. 10–25)
Evidence: Compliance register/obligations matrix.

Compliance periodically assessed

Operating

Procedure: Inspect assessments.
Expected: Assessed periodically.
Sample: Judgmental, by population (e.g. 10–25)
Evidence: Compliance register/obligations matrix.

Evidence Tess looks for

Compliance register/obligations matrix.

More in IT Operations & Resilience

OR-01 IT Governance & Oversight OR-02 IT & Information Security Policies OR-03 IT Risk Assessment OR-04 Asset & Configuration Management

Want Tess to test OR-05 against your evidence?