News
Print Article

MAURITIUS FSC GUIDELINES CLOUD COMPUTING SERVICES 30 November 2023 [6 MONTHS TO COMPLY]

01/12/2023

The Financial Services Commission, Mauritius (‘FSC’) has issued guidance on using cloud computing services (as defined in the Appendix to the document and shown below) that allow access various types of software/hardware tools and applications.

The FSC Guidelines issued pursuant to the powers conferred to the FSC under section 7(1)(a) of the Financial Services Act (‘FSA’), aim at

  • Provide general guidance to licensees of the FSC (‘Licensees’) regarding the use of cloud computing services.

In addition to ensuring compliance with the provisions of the Data Protection Act, Cybersecurity and Cybercrime Act 2021 and the Information and Communication Technologies Act , licensees are required to

  • Comply with the provisions of these Guidelines,
  • While taking into consideration the nature, scale and complexity of their business activities, environment and risks respectively.

Any licensee which, before the coming into operation of this Guidelines, was making use of cloud computing services shall, within 6 months of the issue of these Guidelines, apply the provisions laid out therein

In these Guidelines -

  1. “Cloud computing” is a broad term which encompasses access to a shared pool of on-demand configurable computing resources over the internet. These resources take various forms where minimal management effort or service-provider interaction is required. The cloud computing services are offered in three main “cloud service models”, namely:
    1. Software as a Service (SaaS) - an application software hosted by a third-party provider and delivered to customers over the internet as a service. The application software typically takes the form of a standardised off-the-shelf application, which is free or paid via a subscription, and accessed over the internet from any device. Users have only permission to the configuration settings specific to the application.
    2. Platform as a Service (PaaS) - the usage of a computing platform where users may develop and run their own online applications using the tools, database and other providers’ resources available. Users have only control over their own applications which run on the platform; and
  2. Infrastructure as a Service (IaaS) - the usage of computer infrastructure resources – whether physical or virtual servers, networking, storage, and data centre space. Users have only control over the operating system, storage levels and specific networking components.
  3. “Cloud computing services” or “cloud-based services” refer to the services provided by the usage of cloud computing on a “pay-per-use” basis. These cloud services are provided through the following different deployment models:
    1. Public cloud: the cloud infrastructure is owned and operated by the service provider and is accessible on a public network.
    2. Private cloud: the cloud infrastructure is operated solely by a single organisation, either physically managed on-site data centre(s) (on-premises) or externally by a third party and hosted on a private network; and
    3. Hybrid cloud: the cloud infrastructure is built on a private cloud architecture with a strategic combination of public cloud services. It, therefore, retains some unique characteristics of the two infrastructures, which are interconnected.
  4. “Cloud infrastructure” refers to the essential characteristics of cloud computing, which may comprise of a physical layer and an abstraction layer. The physical layer consists of the hardware resources that are necessary to support the provision of the cloud service and typically includes servers, storage and network components. On the other hand, the abstraction layer consists of the software deployed across the physical layer.
  5. “Cloud service provider” refers to the entity providing or hosting the cloud service models.
  6. “Licensee” has the same meaning as in the FSA.
  7. “Material cloud service” refers to any cloud computing services adopted by a licensee whose interruption is likely to have a significant impact on:
    1. The licensee’s ability to continue in business and/or cause a significant disruption in the business operations of the licensee;
    2. The licensee’s ability to meet its regulatory responsibilities and/or the conditions of its licence;
    3. The licensee’s ability to manage risks including risks relating to any unauthorised access or disclosure, loss or theft of customer information; or
    4. Any critical or sensitive assets of the licensee including IT assets.
  8. “Outsourcing” means an arrangement whereby licensees engage a third-party service provider to perform activities on an ongoing basis that would normally be undertaken by the licensees themselves.

SOURCE

MAURITIUS

The Team

Meet the team of industry experts behind Comsure

Find out more

Latest News

Keep up to date with the very latest news from Comsure

Find out more

Gallery

View our latest imagery from our news and work

Find out more

Contact

Think we can help you and your business? Chat to us today

Get In Touch

News Disclaimer

As well as owning and publishing Comsure's copyrighted works, Comsure wishes to use the copyright-protected works of others. To do so, Comsure is applying for exemptions in the UK copyright law. There are certain very specific situations where Comsure is permitted to do so without seeking permission from the owner. These exemptions are in the copyright sections of the Copyright, Designs and Patents Act 1988 (as amended)[www.gov.UK/government/publications/copyright-acts-and-related-laws]. Many situations allow for Comsure to apply for exemptions. These include 1] Non-commercial research and private study, 2] Criticism, review and reporting of current events, 3] the copying of works in any medium as long as the use is to illustrate a point. 4] no posting is for commercial purposes [payment]. (for a full list of exemptions, please read here www.gov.uk/guidance/exceptions-to-copyright]. Concerning the exceptions, Comsure will acknowledge the work of the source author by providing a link to the source material. Comsure claims no ownership of non-Comsure content. The non-Comsure articles posted on the Comsure website are deemed important, relevant, and newsworthy to a Comsure audience (e.g. regulated financial services and professional firms [DNFSBs]). Comsure does not wish to take any credit for the publication, and the publication can be read in full in its original form if you click the articles link that always accompanies the news item. Also, Comsure does not seek any payment for highlighting these important articles. If you want any article removed, Comsure will automatically do so on a reasonable request if you email info@comsuregroup.com.