What It Is

ISO 26000:2010 is a voluntary international guidance standard on social responsibility (SR), applicable to all organizations regardless of size, type or location. Unlike certifiable standards like ISO 14001, it provides non-prescriptive principles and practices for integrating SR into governance and operations, using a stakeholder-informed, holistic approach.

Key Components

• **Seven principlesAccountability, transparency, ethical behavior, respect for stakeholder interests, rule of law, international norms, human rights.
• **Seven core subjectsOrganizational governance, human rights, labor practices, environment, fair operating practices, consumer issues, community involvement.
• Built on multi-stakeholder consensus; no requirements or certification model—credibility via transparency and reporting.

Why Organizations Use It

Enhances sustainability commitment, risk management (e.g., supply chain due diligence), alignment with SDGs/OECD/GRI, stakeholder trust, and resilience without certification burdens. Drives strategic benefits like talent retention and market access.

Implementation Overview

Phased approach: materiality assessment, stakeholder engagement, policy integration into management systems, training, KPIs, transparent reporting. Suited for all sectors/geographies; uses PDCA for continuous improvement, supported by ISO tools like Communication Protocol.

What It Is

MAS Technology Risk Management (TRM) Guidelines (January 2021) are supervisory guidelines from Singapore's Monetary Authority for financial institutions (FIs). They establish a risk-based framework for governing technology and cyber risks, emphasizing proportionality to FI size, complexity, and exposure.

Key Components

• 15 sections spanning governance, asset inventories, risk assessment, secure SDLC, IT service management, resilience, access controls, cryptography, cyber operations, testing, and audit.
• Core principles: board accountability, defence-in-depth, continuous monitoring/improvement.
• No certification; compliance via supervisory review and enforcement.

Why Organizations Use It

• Mandatory for MAS-regulated FIs (banks, insurers, fintechs) to avoid fines, license actions.
• Builds resilience, reduces systemic risks, supports digital transformation.
• Enhances trust, operational stability, ERM integration.

Implementation Overview

• Phased: establish governance, inventory assets, assess risks, deploy controls, test resilience.
• Targets Singapore FIs; scalable by risk profile.
• Requires board-approved strategy, independent functions, metrics reporting.