What is the primary objective of **WELL**?

**The primary objective of WELL is to advance human health and well-being in buildings through evidence-based design, operations, and policies.** Administered by the International WELL Building Institute (IWBI), WELL v2 organizes requirements into **10 concepts**—**Air, Water, Nourishment, Light, Movement, Thermal Comfort, Sound, Materials, Mind, and Community**—plus **Innovation**. It mandates **24 Preconditions** (pass/fail minimums) and offers **102 Optimizations** for points, verified via on-site performance testing of IEQ metrics like CO₂ ≤900 ppm and humidity 30-60%.

Who is legally or professionally required to comply with **WELL**?

**WELL is voluntary with no legal mandates, but professionals in real estate, facilities, HR, and design pursue it for market differentiation and ESG reporting.** Owners, developers, and operators of new/existing buildings (offices, residential, hospitality) use pathways like **WELL Certification** (owner-controlled), **WELL Core** (base buildings leasing ≥75% space), or thematic ratings (**Health-Safety, Performance, Equity**). WELL APs and Performance Testing Agents are credentialed for compliance.

Does **WELL** require an external audit or third-party certification?

**Yes, WELL mandates third-party documentation review and on-site performance verification by authorized WELL Performance Testing Agents.** Projects undergo two review rounds (preliminary/final) via IWBI's platform, plus testing for air, water, light, sound, and thermal metrics at ≥50% occupancy. Certification levels (**Bronze 40 points, Silver 50 (≥1/concept), Gold 60 (≥2/concept), Platinum 80 (≥3/concept)**) require all **Preconditions** met.

How often should an assessment for **WELL** be performed?

**WELL requires recertification every three years with annual reporting for select features like air quality.** Ongoing assessments use continuous monitoring (e.g., CO₂, PM2.5) for features like A08 (≥1 monitor/325 m², recalibrated annually, updated every 15 minutes). Pre-testing is recommended pre-verification; post-certification, performance data supports ESG and drift detection.

What are the consequences of non-compliance with **WELL**?

**Non-compliance prevents certification award and incurs review fees/delays, with no direct fines as WELL is voluntary.** Failed **Preconditions** block points; curative reviews add costs. Operationally, it risks reputational harm, lost leasing premiums (e.g., 4-7% rent uplift), productivity losses, and ESG gaps, but no statutory penalties apply.

Can **WELL** be mapped to other international frameworks?

**IWBI provides official crosswalks mapping WELL to frameworks like LEED.** Features align (e.g., WELL Air with LEED IAQ), enabling dual certification via shared evidence, reducing duplication in portfolios.

What is the first step to begin implementing **WELL**?

**The first step is project enrollment/registration on IWBI's digital platform and scorecard development.** Identify pathways, target levels, and gaps against **24 Preconditions**/ **102 Optimizations**; conduct pre-testing for high-risk features (e.g., Air near highways).

What is the primary objective of **MAS TRM**?

**MAS TRM's primary objective is to establish sound technology risk governance and cyber resilience through defence-in-depth controls preserving confidentiality, integrity, and availability (CIA) of data and systems.** Issued by the Monetary Authority of Singapore (MAS) in January 2021, the Guidelines promote proportional practices across financial institutions (FIs), covering governance (§3), risk frameworks (§4), secure SDLC (§5-6), IT service management (§7), resilience (§8), access/cryptography (§9-10), cyber operations (§11-13), and audit (§15).

Who is legally or professionally required to comply with **MAS TRM**?

**MAS TRM applies to all financial institutions (FIs) supervised by MAS, including banks, insurers, capital market intermediaries, payment service providers, and fintech sandbox participants.** Proportionality scales implementation to risk profile and complexity (§2.2), but boards and senior management bear ultimate accountability for oversight, risk appetite approval, and timely incident escalation (§3.1). Third-party service providers handling FI assets must meet equivalent standards (§3.4, §9.1.8).

Does **MAS TRM** require an external audit or third-party certification?

**MAS TRM mandates an independent internal audit function to assess TRM control effectiveness, governance, and risk management (§3.1.7, §15), but does not require external audits or certifications.** FIs may engage external experts for penetration testing (§13.2), cyber exercises (§13.3-13.4), or managed security services (§12.2.1); however, observance is evaluated via MAS supervision, not formal certification.

How often should an assessment for **MAS TRM** be performed?

**MAS TRM requires risk framework reviews commensurate with evolving threats (§4.1.5), annual penetration testing for internet-exposed systems (§13.2.4), regular vulnerability assessments by criticality (§13.1.1), and periodic DR testing (§8.3).** Policies must be reviewed regularly (§3.2.1), asset inventories updated periodically (§3.3.2), and cyber exercises scheduled based on objectives (§13.3).

What are the consequences of non-compliance with **MAS TRM**?

**Non-compliance with MAS TRM risks supervisory actions including fines (e.g., S$27.45 million across nine FIs for related lapses), license revocation, and executive prohibition orders.** MAS evaluates "spirit of the Guidelines" adherence (§2.2), leading to remediation directives, heightened scrutiny, reputational damage, and operational disruptions from weak governance or resilience failures.

Can **MAS TRM** be mapped to other international frameworks?

**Yes, MAS TRM aligns with outcomes in NIST CSF 2.0 (Govern-Identify-Protect-Detect-Respond-Recover) and ISO 27001's ISMS controls.** It supports ERM integration via risk registers (§4.5) akin to NIST IR 8286 CSRRs, with hybrid use encouraged for monitoring and assurance; however, MAS TRM remains the primary supervisory benchmark for Singapore FIs.

What is the first step to begin implementing **MAS TRM**?

**The first step is Board approval of a technology risk appetite/tolerance statement and establishment of an independent TRM function (§3.1.7).** This enables asset inventories (§3.3), risk identification (§4.2), and proportional control design across governance, operations, and cyber domains.

WELL vs MAS TRM

Standards Comparison

WELL

Voluntary

2014

Building certification for occupant health performance

MAS TRM

Mandatory

2021

Singapore guidelines for financial technology risk management.

Quick Verdict

WELL certifies healthy buildings via performance testing for all industries globally, while MAS TRM enforces technology risk controls for Singapore FIs. Organizations adopt WELL for ESG/tenant appeal; MAS TRM to avoid fines and ensure cyber resilience.

Building Health & Wellness

WELL

WELL v2 Building Standard

Cost

€€€€

Complexity

High

Implementation Time

12-18 months

Key Features

Mandatory on-site performance verification testing
10 core concepts for occupant health
Preconditions plus point-based optimizations
Certification tiers Bronze to Platinum
Continuous monitoring compliance pathways

Technology Risk Management

MAS TRM

MAS Technology Risk Management Guidelines 2021

Cost

€€€€

Complexity

Medium

Implementation Time

12-18 months

Key Features

Board and senior management accountability for TRM
Proportional, risk-based control implementation
End-to-end lifecycle: governance to cyber testing
Third-party risk assessment and ongoing monitoring
Annual penetration testing for internet-facing systems

Detailed Analysis

A comprehensive look at the specific requirements, scope, and impact of each standard.

WELL Details

What It Is

The WELL Building Standard v2 is a performance-based certification framework administered by the International WELL Building Institute (IWBI). It focuses on designing, operating, and verifying buildings to advance human health and well-being. Scope covers new and existing buildings across sectors like offices, residential, and hospitality. Its evidence-based approach combines mandatory Preconditions with optional Optimizations for tiered certification.

Key Components

**10 core conceptsAir, Water, Nourishment, Light, Movement, Thermal Comfort, Sound, Materials, Mind, Community (plus Innovation).
24 Preconditions and 102 Optimizations totaling up to 110 points.
Built on public health research and building science.
Certification model: Bronze (40 points), Silver (50), Gold (60), Platinum (80), with concept minimums at higher tiers.

Why Organizations Use It

Drives occupant productivity, reduces absenteeism, enhances ESG reporting, and boosts property value/rents. Voluntary but tenant-demanded; mitigates health risks and builds stakeholder trust via verified performance.

Implementation Overview

Phased: gap analysis, scorecard development, documentation review, on-site verification, recertification every 3 years. Applies universally; requires cross-functional teams, third-party testing, continuous monitoring.

MAS TRM Details

What It Is

MAS Technology Risk Management (TRM) Guidelines (January 2021) are supervisory guidelines from Singapore's Monetary Authority of Singapore (MAS) for financial institutions. They provide a risk-based framework for managing technology and cyber risks across governance, operations, and resilience, emphasizing proportionality to FI complexity.

Key Components

Covers 15 sections: governance, asset management, SDLC, IT service management, resilience, access control, cryptography, cyber operations, testing, and audit.
No fixed controls; focuses on principles like board accountability, defence-in-depth, security-by-design.
Compliance via supervisory review, no formal certification.

Why Organizations Use It

Mandatory observance for MAS-regulated FIs to avoid fines/enforcement.
Enhances resilience, reduces systemic risks, builds trust.
Supports ERM integration, third-party oversight, AI governance.

Implementation Overview

Phased: governance setup, asset inventory, control deployment, testing.
Applies to banks/insurers in Singapore; scales by size/risk.
Involves audits, metrics, board reporting; 12-24 months typical.

Key Differences

Aspect	WELL	MAS TRM
Scope	Building health concepts (air, water, light, etc.)	Technology/cyber risk governance and controls
Industry	All building types globally (offices, residential)	Singapore financial institutions only
Nature	Voluntary performance-based certification	Supervisory guidelines with enforcement
Testing	On-site performance verification, continuous monitoring	Penetration testing, vulnerability assessments annually
Penalties	Loss of certification, no legal fines	Fines, license revocation, executive prohibitions

Scope

WELL

Building health concepts (air, water, light, etc.)

MAS TRM

Technology/cyber risk governance and controls

Industry

WELL

All building types globally (offices, residential)

MAS TRM

Singapore financial institutions only

Nature

WELL

Voluntary performance-based certification

MAS TRM

Supervisory guidelines with enforcement

Testing

WELL

On-site performance verification, continuous monitoring

MAS TRM

Penetration testing, vulnerability assessments annually

Penalties

WELL

Loss of certification, no legal fines

MAS TRM

Fines, license revocation, executive prohibitions

Frequently Asked Questions

Common questions about WELL and MAS TRM

WELL FAQ

MAS TRM FAQ

You Might also be Interested in These Articles...

CIS Controls v8.1, Operationalized: Top 10 Reasons Compliance Monitoring Software Accelerates Real-World Implementation

Operationalize CIS Controls v8.1 with compliance monitoring software. Turn checklists into dashboards, tickets, and audit-proof workflows. Top 10 reasons it acc

Beyond the Burden: How Intuitive Compliance Software Transforms Daily Workflows

Explore intuitive compliance software that automates workflows, simplifies onboarding, and reduces stress. Cut non-compliance costs 3x and boost efficiency for

Beyond Reactive: Transforming Compliance into Real-Time Threat Prevention

Discover how modern compliance monitoring tools leverage continuous, real-time oversight and automated alerts to shift organizations from reactive problem-solving to proactive threat detection and prevention, safeguarding against emerging risks before they escalate.

Run Maturity Assessments with GRADUM

Transform your compliance journey with our AI-powered assessment platform

Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.

100+ Standards & Regulations

AI-Powered Insights

Collaborative Assessments

Actionable Recommendations

Check out these other Gradum.io Standards Comparison Pages

RoHS vs ISO 27032

RoHS vs ISO 27032: Compare EU hazardous substances rules for EEE with cybersecurity guidelines for cyberspace. Ensure compliance, cut risks. Dive in now!

ISO 13485 vs ISO 22301

Compare ISO 13485 vs ISO 22301: Med device QMS meets business continuity resilience. Key clauses, benefits & implementation for compliance mastery. Dive in!

LGPD vs ISO 50001

Discover LGPD vs ISO 50001: Brazil's data law meets energy mgmt std. Compare principles, compliance, breaches & strategies for global firms. Expert guide to align & thrive!

WELL

MAS TRM

Quick Verdict

WELL

Key Features

MAS TRM

Key Features

Detailed Analysis

WELL Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

MAS TRM Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

Key Differences

Scope

Industry

Nature

Testing

Penalties

Frequently Asked Questions

WELL FAQ

What is the primary objective of WELL?

Who is legally or professionally required to comply with WELL?

Does WELL require an external audit or third-party certification?

How often should an assessment for WELL be performed?

What are the consequences of non-compliance with WELL?

Can WELL be mapped to other international frameworks?

What is the first step to begin implementing WELL?

MAS TRM FAQ

What is the primary objective of MAS TRM?

Who is legally or professionally required to comply with MAS TRM?

Does MAS TRM require an external audit or third-party certification?

How often should an assessment for MAS TRM be performed?

What are the consequences of non-compliance with MAS TRM?

Can MAS TRM be mapped to other international frameworks?

What is the first step to begin implementing MAS TRM?

You Might also be Interested in These Articles...

CIS Controls v8.1, Operationalized: Top 10 Reasons Compliance Monitoring Software Accelerates Real-World Implementation

Beyond the Burden: How Intuitive Compliance Software Transforms Daily Workflows

Beyond Reactive: Transforming Compliance into Real-Time Threat Prevention

Run Maturity Assessments with GRADUM

Check out these other Gradum.io Standards Comparison Pages

RoHS vs ISO 27032

ISO 13485 vs ISO 22301

LGPD vs ISO 50001