Search for:

In brief

On 10 January 2022, the Singapore Ministry of Communications and Information (MCI) responded to a parliamentary question on measures that ensure companies in Singapore engage third- and fourth-party IT vendors that are licensed and certified by the MCI. The Singapore government has put in place trustmark certifications to help companies better identify IT vendors with strong data and cyber security practices to minimise the risk of data breaches and leaks. Further cybersecurity trustmarks are under development by the Cyber Security Agency of Singapore.  

Key takeaways

To help companies better identify IT vendors with strong data privacy and cybersecurity practices, the Singapore government has put in place trustmark certifications, including the Data Protection Trustmark overseen by the Infocomm Media Development Authority (IMDA). An SG Cyber Safe Trustmark is also currently under development by the Cyber Security Agency of Singapore to recognise companies with sound cybersecurity practices. The trustmarks are designed to support companies in engaging third- and fourth-party IT vendors that are licensed and certified by the MCI.

MCI commented that IMDA’s Data Protection Trustmark currently covers more than 66 million personal data records held by 76 companies. This includes over 16 million records held by 30 companies certified from the ICT sector. Additionally, MCI noted that while companies are not required to engage certified vendors, it is strongly encouraged. Trustmarks are designed to recognise companies with sound policies and practices to protect the personal data they manage, and ensure they use it responsibly.

Both the Personal Data Protection Commission (PDPC) and SingCERT have also issued guidelines and advisories to further aid companies in mitigating cybersecurity risks and making more informed choices when engaging IT vendors.

Guidelines issued by the PDPC will help companies evaluate the data protection policies and practices of potential IT vendors, whilst regular cybersecurity advisories issued by SingCERT will help companies mitigate cybersecurity risks more quickly and efficiently.

* * * * *


© 2022 Baker & McKenzie.Wong & Leow. All rights reserved. Baker & McKenzie.Wong & Leow is incorporated with limited liability and is a member firm of Baker & McKenzie International, a global law firm with member law firms around the world. In accordance with the common terminology used in professional service organizations, reference to a “principal” means a person who is a partner, or equivalent, in such a law firm. Similarly, reference to an “office” means an office of any such law firm. This may qualify as “Attorney Advertising” requiring notice in some jurisdictions. Prior results do not guarantee a similar outcome.


Andy Leck is the managing principal of Baker McKenzie.Wong & Leow. Mr. Leck is recognised by the world’s leading industry and legal publications as a leader in his field. Asian Legal Business notes that he “always gives good, quick advice, [is] client-focused and has strong technical knowledge for his areas of practice”. Alongside his current role as managing principal, Mr. Leck has held several leadership positions in the Firm and externally as a leading IP practitioner. He currently serves on the International Trademark Association's Board of Directors and is a member of the Singapore Copyright Tribunal.


Ren Jun is an associate principal of Baker & McKenzie.Wong & Leow. Ren Jun extensively represents local and international intellectual property-intensive clients in both contentious and non-contentious IP matters, such as anti-counterfeiting; civil and criminal litigation; commercial issues; regulatory clearance; and advertising laws. Ren Jun also advises on a wide range of issues relating to the healthcare industries. These include regulatory compliance in respect of drugs, medical devices, clinical trials, health supplements and cosmetics; product liability and recall; and anti-corruption. Ren Jun is currently a member of the Firm's Asia Pacific Healthcare ASEAN Economic Community; Product Liability and Regulatory Sub-Committees.


Arwen is a local principal in the Firm's Intellectual Property and Technology (IPTech) Practice Group in Singapore. She is a member of the Law Society of Scotland, and has been admitted to practice in Scotland since 2004. Arwen worked as an intellectual property and technology lawyer in the UK and Europe before relocating to Asia in 2014 and has since worked in both Singapore and Hong Kong, advising on matters across both Asia Pacific and Europe. Arwen is recognised in Legal 500 (2020) as "commercial, pragmatic and personable" for the TMT sector.

Write A Comment