On 10 January 2022, the Singapore Ministry of Communications and Information (MCI) responded to a parliamentary question on measures that ensure companies in Singapore engage third- and fourth-party IT vendors that are licensed and certified by the MCI. The Singapore government has put in place trustmark certifications to help companies better identify IT vendors with strong data and cyber security practices to minimise the risk of data breaches and leaks. Further cybersecurity trustmarks are under development by the Cyber Security Agency of Singapore.
To help companies better identify IT vendors with strong data privacy and cybersecurity practices, the Singapore government has put in place trustmark certifications, including the Data Protection Trustmark overseen by the Infocomm Media Development Authority (IMDA). An SG Cyber Safe Trustmark is also currently under development by the Cyber Security Agency of Singapore to recognise companies with sound cybersecurity practices. The trustmarks are designed to support companies in engaging third- and fourth-party IT vendors that are licensed and certified by the MCI.
MCI commented that IMDA’s Data Protection Trustmark currently covers more than 66 million personal data records held by 76 companies. This includes over 16 million records held by 30 companies certified from the ICT sector. Additionally, MCI noted that while companies are not required to engage certified vendors, it is strongly encouraged. Trustmarks are designed to recognise companies with sound policies and practices to protect the personal data they manage, and ensure they use it responsibly.
Both the Personal Data Protection Commission (PDPC) and SingCERT have also issued guidelines and advisories to further aid companies in mitigating cybersecurity risks and making more informed choices when engaging IT vendors.
Guidelines issued by the PDPC will help companies evaluate the data protection policies and practices of potential IT vendors, whilst regular cybersecurity advisories issued by SingCERT will help companies mitigate cybersecurity risks more quickly and efficiently.
* * * * *
© 2022 Baker & McKenzie.Wong & Leow. All rights reserved. Baker & McKenzie.Wong & Leow is incorporated with limited liability and is a member firm of Baker & McKenzie International, a global law firm with member law firms around the world. In accordance with the common terminology used in professional service organizations, reference to a “principal” means a person who is a partner, or equivalent, in such a law firm. Similarly, reference to an “office” means an office of any such law firm. This may qualify as “Attorney Advertising” requiring notice in some jurisdictions. Prior results do not guarantee a similar outcome.