DPO-as-a-Service

Basic Services Package

We assist organizations with their internal data protection self-assessments through the use of PDPA Assessment Tool for Organizations (PATO) and implementation of the Data Inventory Map (DIM), while providing guidance on identifying gaps and recommending areas for improvement with remediation strategies.

Review privacy statements, front-facing policies, forms and data protection documents.

Provide PDPA advisory services, training and education programs to all staff members based on the Personal Data Protection Commission's (PDPC) Advisory Guidelines on Key Concepts in the PDPA.

Advanced Services Package with add-on

o Provide advisory and render assistance in the implementation of the Data Protection Essentials (DPE), Data Protection Management Programme (DPMP), Data Protection by Design for ICT Systems, and Data Protection Impact Assessment (DPIA).

o Review internal data protection policies, procedures and control documents.

o Training and education program extended to include the Advisory Guidelines on the PDPA for Selected Topics and the Guide to Basic Anonymization.

o Provide facilitator support for external IT audit or the implementation of Advanced Data Protection Practices in accordance with the PDPC's Guide to Data Protection Practices for ICT Systems conducted by third party.

PDPA Audit

A systematic assessment of the organization’s data protection policies, practices and detailed procedures, conducted based on a risk-based internal audit methodology, evaluates compliance with the Data Protection Obligations under the PDPA. This review identifies compliance gaps and risks in data protection practices through controls testing and provide recommendations for remediation according to the PDPA and data protection best practices.

IT Audit and Risk Assessment

(A) An independent technology audit encompassing audit program development, execution of test procedures, and issuance of formal reports, detailing findings and proposing remedial measures for enhancement to IT controls, systems, modifications, and upgrades.

(B) Attest to the internal risk and control self-assessment conducted by the organization on its IT infrastructure and systems by formally validating the assessment methodology and results.

(C) Our Data Protection Officer (DPO)-as-a-Service and PDPA Audit service always incorporate an IT risk assessment component, with scope and depth tailored to meet specific client requirements.

IT Audit for Statutory Audit

IT audit performed to support financial statement audit by examining the technology that handles accounting data.

Singapore Standard on Auditing (SSA) 315 (Revised) requires the auditor to identify and assess the risks of material misstatement in the financial statements through understanding the entity and its environment, including the entity’s IT control. With an in depth understanding of the entity’s IT environment, it enables the auditor to identify the IT risks, and to design and implement appropriate audit responses to address those identified risks.

Leveraging our specialized IT auditing expertise, we provide support to Public Accounting Corporations (PAC) in the evaluation of their audit clients' financial system controls in their effectiveness in safeguarding assets, and preventing or detecting material misstatements, enabling the external auditors to determine the nature and extent of audit procedures.

Cybersecurity Consulting

We help organizations measure and track their progress in the implementation of the Cybersecurity Health Check tool developed and launched by the Cyber Security Agency of Singapore (CSA), recommending solutions to close any gaps identified and enhance cybersecurity controls in enabling organizations to attain the Cyber Essentials certification.