DPO Services (PDPA)

1. Basic Services Package

o Ensuring PDPA Compliance

Data Protection Self-Assessment through PDPA Assessment Tool for Organizations (PATO) and Data Inventory Map (DIM) techniques

Review and develop Privacy Statements, Policies, Measures, and Data Governance Frameworks.

o Fostering a Data Protection Culture

Deliver Personal Data Protection Act (PDPA) consultancy services and training programs to all staff members, in accordance with: 1) Personal Data Protection Commission's (PDPC) Advisory Guidelines on Key Concepts in the PDPA, and 2) Advisory Guidelines on the PDPA for Selected Topics.

o Cybersecurity advisory and training

Delivering comprehensive training, professional guidance and disseminating essential information regarding IT risks, information security and cybersecurity fundamentals throughout the organization.

o Efficient Handling of Data Inquiries

o Alert Management on Personal Data Risks

o Liaise with PDPC when required

o Data Breach Response Plan

2. Advanced Services Package with add-on:

o Advisory services and guided implementation of Data Protection Essentials (DPE), Data Protection Management Programme (DPMP), Data Protection by Design for ICT Systems, and Data Protection Impact Assessment (DPIA).

o Review or guided implementation of Advanced Data Protection Practices in accordance with the PDPC's Guide to Data Protection Practices for ICT Systems

PDPA Compliance Audit

A systematic assessment of data protection policies and procedures, conducted in accordance with internal audit methodologies, evaluates compliance with Data Protection Obligations under the PDPA. This review identifies compliance gaps and risks in data protection practices while providing recommendations for remediation plans and implementation of industry best practices.

Strategic Business Review for PEIs

We perform evaluations of Private Education Institutions to support their credit rating prerequisites for business registration renewal. The assessment encompasses strategic planning, governance structures, risk analysis, opportunity identification, business development frameworks, and financial sustainability through comprehensive financial analytics and risk assessment methodology.

IT Audit

(A) A comprehensive technology audit encompassing audit program development, execution of test procedures, and issuance of formal reports with authoritative sign-off, detailing findings and proposing remedial measures for systems enhancement, modifications, and upgrades.

[B] Validate and formally attest to the organization's internal information security and/or cybersecurity infrastructure self-assessment by reviewing both the assessment methodology and outcomes.

Control Self-Assessment (CSA)

CSA is an effective risk management tools recommended by the Audit Committee Guidance Committee (ACGC) Guidelines for the Board and audit committees to give an informed opinion on the state of internal controls and risk management systems of the organization.

We work with you to tailor a pragmatic approach that best deploys CSA in your organisation.

Internal Audit

We collaborate with organizations' internal audit departments, serving as external internal auditors to complement their existing expertise. Our comprehensive services encompass risk management, control assessments, and operational reviews across diverse industries and business sectors.

Internal audits are conducted exclusively by our team members who hold either the Certified Internal Auditor (CIA) or Chartered Accountant (CA) designation, focusing on one or more of the following areas and business processes:

• Financial reporting controls

• Financial management

• Procure-to-pay (Expense Cycle) and order-to-cash (Revenue Cycle)

• Third-party risk and contract management

• Data Protection (PDPA)

• IT and data governance

• Information security and computer operations

• Technology risk management

• Regulatory compliance

• Corporate finance policy

• Sustainability reporting process

• Enterprise risk management system and policy