Who is legally or professionally required to comply with WELL?

WELL is voluntary with no legal mandates, but professionals in real estate, facilities, HR, and design pursue it for market differentiation and ESG reporting. Owners, developers, and operators of new/existing buildings (offices, residential, hospitality) use pathways like WELL Certification (owner-controlled), WELL Core (base buildings leasing ≥75% space), or thematic ratings (Health-Safety, Performance, Equity). WELL APs and Performance Testing Agents are credentialed for compliance.

Does WELL require an external audit or third-party certification?

Yes, WELL mandates third-party documentation review and on-site performance verification by authorized WELL Performance Testing Agents. Projects undergo two review rounds (preliminary/final) via IWBI's platform, plus testing for air, water, light, sound, and thermal metrics at ≥50% occupancy. Certification levels (Bronze 40 points, Silver 50 (≥1/concept), Gold 60 (≥2/concept), Platinum 80 (≥3/concept)) require all Preconditions met.

How often should an assessment for WELL be performed?

WELL requires recertification every three years with annual reporting for select features like air quality. Ongoing assessments use continuous monitoring (e.g., CO₂, PM2.5) for features like A08 (≥1 monitor/325 m², recalibrated annually, updated every 15 minutes). Pre-testing is recommended pre-verification; post-certification, performance data supports ESG and drift detection.

What are the consequences of non-compliance with WELL?

Non-compliance prevents certification award and incurs review fees/delays, with no direct fines as WELL is voluntary. Failed Preconditions block points; curative reviews add costs. Operationally, it risks reputational harm, lost leasing premiums (e.g., 4-7% rent uplift), productivity losses, and ESG gaps, but no statutory penalties apply.

Can WELL be mapped to other international frameworks?

IWBI provides official crosswalks mapping WELL to frameworks like LEED. Features align (e.g., WELL Air with LEED IAQ), enabling dual certification via shared evidence, reducing duplication in portfolios.

What is the first step to begin implementing WELL?

The first step is project enrollment/registration on IWBI's digital platform and scorecard development. Identify pathways, target levels, and gaps against 24 Preconditions/ 102 Optimizations; conduct pre-testing for high-risk features (e.g., Air near highways).

What is the primary objective of MAS TRM?

MAS TRM's primary objective is to establish sound technology risk governance and cyber resilience through defence-in-depth controls preserving confidentiality, integrity, and availability (CIA) of data and systems. Issued by the Monetary Authority of Singapore (MAS) in January 2021, the Guidelines promote proportional practices across financial institutions (FIs), covering governance (§3), risk frameworks (§4), secure SDLC (§5-6), IT service management (§7), resilience (§8), access/cryptography (§9-10), cyber operations (§11-13), and audit (§15).

Who is legally or professionally required to comply with MAS TRM?

MAS TRM applies to all financial institutions (FIs) supervised by MAS, including banks, insurers, capital market intermediaries, payment service providers, and fintech sandbox participants. Proportionality scales implementation to risk profile and complexity (§2.2), but boards and senior management bear ultimate accountability for oversight, risk appetite approval, and timely incident escalation (§3.1). Third-party service providers handling FI assets must meet equivalent standards (§3.4, §9.1.8).

Does MAS TRM require an external audit or third-party certification?

MAS TRM mandates an independent internal audit function to assess TRM control effectiveness, governance, and risk management (§3.1.7, §15), but does not require external audits or certifications. FIs may engage external experts for penetration testing (§13.2), cyber exercises (§13.3-13.4), or managed security services (§12.2.1); however, observance is evaluated via MAS supervision, not formal certification.

How often should an assessment for MAS TRM be performed?

MAS TRM requires risk framework reviews commensurate with evolving threats (§4.1.5), annual penetration testing for internet-exposed systems (§13.2.4), regular vulnerability assessments by criticality (§13.1.1), and periodic DR testing (§8.3). Policies must be reviewed regularly (§3.2.1), asset inventories updated periodically (§3.3.2), and cyber exercises scheduled based on objectives (§13.3).

What are the consequences of non-compliance with MAS TRM?

Non-compliance with MAS TRM risks supervisory actions including fines (e.g., S$27.45 million across nine FIs for related lapses), license revocation, and executive prohibition orders. MAS evaluates "spirit of the Guidelines" adherence (§2.2), leading to remediation directives, heightened scrutiny, reputational damage, and operational disruptions from weak governance or resilience failures.

Can MAS TRM be mapped to other international frameworks?

Yes, MAS TRM aligns with outcomes in NIST CSF 2.0 (Govern-Identify-Protect-Detect-Respond-Recover) and ISO 27001's ISMS controls. It supports ERM integration via risk registers (§4.5) akin to NIST IR 8286 CSRRs, with hybrid use encouraged for monitoring and assurance; however, MAS TRM remains the primary supervisory benchmark for Singapore FIs.

What is the first step to begin implementing MAS TRM?

The first step is Board approval of a technology risk appetite/tolerance statement and establishment of an independent TRM function (§3.1.7). This enables asset inventories (§3.3), risk identification (§4.2), and proportional control design across governance, operations, and cyber domains.

Standards Comparison

WELL vs MAS TRM

WELL

Voluntary

2014

Building certification for occupant health performance

MAS TRM

Mandatory

2021

Singapore guidelines for financial technology risk management.

Quick Verdict

WELL certifies healthy buildings via performance testing for all industries globally, while MAS TRM enforces technology risk controls for Singapore FIs. Organizations adopt WELL for ESG/tenant appeal; MAS TRM to avoid fines and ensure cyber resilience.

Building Health & Wellness

WELL

WELL v2 Building Standard

Cost

€€€€

Complexity

High

Implementation Time

12-18 months

Key Features

Mandatory on-site performance verification testing
10 core concepts for occupant health
Preconditions plus point-based optimizations
Certification tiers Bronze to Platinum
Continuous monitoring compliance pathways

Technology Risk Management

MAS TRM

MAS Technology Risk Management Guidelines 2021

Cost

€€€€

Complexity

Medium

Implementation Time

12-18 months

Key Features

Board and senior management accountability for TRM
Proportional, risk-based control implementation
End-to-end lifecycle: governance to cyber testing
Third-party risk assessment and ongoing monitoring
Annual penetration testing for internet-facing systems

Detailed Analysis

A comprehensive look at the specific requirements, scope, and impact of each standard.

WELL Details

What It Is

The WELL Building Standard v2 is a performance-based certification framework administered by the International WELL Building Institute (IWBI). It focuses on designing, operating, and verifying buildings to advance human health and well-being. Scope covers new and existing buildings across sectors like offices, residential, and hospitality. Its evidence-based approach combines mandatory Preconditions with optional Optimizations for tiered certification.

Key Components

**10 core conceptsAir, Water, Nourishment, Light, Movement, Thermal Comfort, Sound, Materials, Mind, Community (plus Innovation).
24 Preconditions and 102 Optimizations totaling up to 110 points.
Built on public health research and building science.
Certification model: Bronze (40 points), Silver (50), Gold (60), Platinum (80), with concept minimums at higher tiers.

Why Organizations Use It

Drives occupant productivity, reduces absenteeism, enhances ESG reporting, and boosts property value/rents. Voluntary but tenant-demanded; mitigates health risks and builds stakeholder trust via verified performance.

Implementation Overview

Phased: gap analysis, scorecard development, documentation review, on-site verification, recertification every 3 years. Applies universally; requires cross-functional teams, third-party testing, continuous monitoring.

MAS TRM Details

What It Is

MAS Technology Risk Management (TRM) Guidelines (January 2021) are supervisory guidelines from Singapore's Monetary Authority of Singapore (MAS) for financial institutions. They provide a risk-based framework for managing technology and cyber risks across governance, operations, and resilience, emphasizing proportionality to FI complexity.

Key Components

Covers 15 sections: governance, asset management, SDLC, IT service management, resilience, access control, cryptography, cyber operations, testing, and audit.
No fixed controls; focuses on principles like board accountability, defence-in-depth, security-by-design.
Compliance via supervisory review, no formal certification.

Why Organizations Use It

Mandatory observance for MAS-regulated FIs to avoid fines/enforcement.
Enhances resilience, reduces systemic risks, builds trust.
Supports ERM integration, third-party oversight, AI governance.

Implementation Overview

Phased: governance setup, asset inventory, control deployment, testing.
Applies to banks/insurers in Singapore; scales by size/risk.
Involves audits, metrics, board reporting; 12-24 months typical.

Key Differences

Aspect	WELL	MAS TRM
Scope	Building health concepts (air, water, light, etc.)	Technology/cyber risk governance and controls
Industry	All building types globally (offices, residential)	Singapore financial institutions only
Nature	Voluntary performance-based certification	Supervisory guidelines with enforcement
Testing	On-site performance verification, continuous monitoring	Penetration testing, vulnerability assessments annually
Penalties	Loss of certification, no legal fines	Fines, license revocation, executive prohibitions

Scope

WELL

Building health concepts (air, water, light, etc.)

MAS TRM

Technology/cyber risk governance and controls

Industry

WELL

All building types globally (offices, residential)

MAS TRM

Singapore financial institutions only

Nature

WELL

Voluntary performance-based certification

MAS TRM

Supervisory guidelines with enforcement

Testing

WELL

On-site performance verification, continuous monitoring

MAS TRM

Penetration testing, vulnerability assessments annually

Penalties

WELL

Loss of certification, no legal fines

MAS TRM

Fines, license revocation, executive prohibitions

Frequently Asked Questions

Common questions about WELL and MAS TRM

WELL FAQ

MAS TRM FAQ

You Might also be Interested in These Articles...

Image this: What if GDPR would have NOT been implemented by the EU

What if the EU never implemented GDPR? Explore this hypothetical: consumer data protection in Dec 2025, key differences, pros/cons for users & companies. Read t

PDPA Cross-Border Transfer Rules Decoded: Singapore, Thailand, and Taiwan Mechanisms Compared with Practical Implementation Templates

Decode PDPA cross-border transfers for Singapore, Thailand, Taiwan. Statutory excerpts, approved mechanisms, SCC templates. Harmonize with GDPR, navigate exempt

CMMC Cost Calculator: Realistic Budgets for Levels 1-3, C3PAO Fees, and ROI for Small DIB Suppliers

Calculate realistic CMMC costs for Levels 1-3: self-assessments, C3PAO fees, tooling, remediation & ROI. Interactive tool for small DIB suppliers. Get benchmark

Run Maturity Assessments with GRADUM

Transform your compliance journey with our AI-powered assessment platform

Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.

100+ Standards & Regulations

AI-Powered Insights

Collaborative Assessments

Actionable Recommendations

Explore More Comparisons

See how WELL and MAS TRM compare against other standards

Other WELL Comparisons

Other MAS TRM Comparisons

What It Is

Key Components

**10 core conceptsAir, Water, Nourishment, Light, Movement, Thermal Comfort, Sound, Materials, Mind, Community (plus Innovation).

24 Preconditions and 102 Optimizations totaling up to 110 points.

Built on public health research and building science.

Certification model: Bronze (40 points), Silver (50), Gold (60), Platinum (80), with concept minimums at higher tiers.

What It Is

Key Components

Covers 15 sections: governance, asset management, SDLC, IT service management, resilience, access control, cryptography, cyber operations, testing, and audit.

No fixed controls; focuses on principles like board accountability, defence-in-depth, security-by-design.

Compliance via supervisory review, no formal certification.

Aspect

WELL

MAS TRM

Scope

Building health concepts (air, water, light, etc.)

Technology/cyber risk governance and controls

Industry

All building types globally (offices, residential)

Singapore financial institutions only

Nature

Voluntary performance-based certification

Supervisory guidelines with enforcement

Testing

On-site performance verification, continuous monitoring

Penetration testing, vulnerability assessments annually

Penalties

Loss of certification, no legal fines

Fines, license revocation, executive prohibitions

WELL vs MAS TRM

WELL

MAS TRM

Quick Verdict

WELL

Key Features

MAS TRM

Key Features

Detailed Analysis

WELL Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

MAS TRM Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

Key Differences

Scope

Industry

Nature

Testing

Penalties

Frequently Asked Questions

WELL FAQ

What is the primary objective of WELL?

Who is legally or professionally required to comply with WELL?

Does WELL require an external audit or third-party certification?

How often should an assessment for WELL be performed?

What are the consequences of non-compliance with WELL?

Can WELL be mapped to other international frameworks?

What is the first step to begin implementing WELL?

MAS TRM FAQ

What is the primary objective of MAS TRM?

Who is legally or professionally required to comply with MAS TRM?

Does MAS TRM require an external audit or third-party certification?

How often should an assessment for MAS TRM be performed?

What are the consequences of non-compliance with MAS TRM?

Can MAS TRM be mapped to other international frameworks?

What is the first step to begin implementing MAS TRM?

You Might also be Interested in These Articles...

Image this: What if GDPR would have NOT been implemented by the EU

PDPA Cross-Border Transfer Rules Decoded: Singapore, Thailand, and Taiwan Mechanisms Compared with Practical Implementation Templates

CMMC Cost Calculator: Realistic Budgets for Levels 1-3, C3PAO Fees, and ROI for Small DIB Suppliers

Run Maturity Assessments with GRADUM

Explore More Comparisons

Other WELL Comparisons

Other MAS TRM Comparisons

WELL vs MAS TRM

WELL

MAS TRM

Quick Verdict

WELL

Key Features

MAS TRM

Key Features

Detailed Analysis

WELL Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

MAS TRM Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

Key Differences

Scope

Industry

Nature

Testing

Penalties

Frequently Asked Questions

WELL FAQ

What is the primary objective of WELL?

Who is legally or professionally required to comply with WELL?

Does WELL require an external audit or third-party certification?