One of SGTech's objectives is to accelerate Singapore's digital transformation, grounded on trust as a strategic differentiator. With SMEs constituting 99% of Singapore enterprises, it is crucial that SMEs get on the digitalisation bandwagon and understand the strategic value of demonstrating trust to their stakeholders and customers. At some point in that journey, companies are likely to seek a recognised certification.
A tech industry association, SGTech announced that it is one of the pioneering participants in a pilot programme for obtaining dual certification in data protection and data trust.
The pilot programme created by members from the Credence Committee provides a digitalised way for organisations to prove the veracity of their internal processes and controls, in order to obtain two certifications – the Data Protection Trust Mark (DPTM) and a maturity rating using the Credence Data Trust Rating System (Credence DTRS).
"The work that we do at SGTech involves handling sensitive personal and company data. We have had our sights on the Data Protection Trust Mark (DPTM) since its launch. We have been fine-tuning our practices and processes to ensure that we are up to the mark and can assure our members and partners that their data is safe in our hands," said SGTech Chairman Wong Wai Meng.
By participating in the pilot, SGTech aims to demonstrate to other small organisations, particularly its members and other small and micro enterprises, that small size and lean resources are not barriers to obtaining a credible certification. Through the pilot, SGTech intends to contribute by highlighting the areas that can be refined and improved to make the certification journey a smoother experience for small and micro-enterprises.
"Participating in and getting dual certifications through this pilot allows us to demonstrate accountability to our stakeholders. We like that the Credence DTRS maturity rating considers aspects beyond compliance with an organisation's obligations under the PDPA – to its implementation, including business needs, risk profile and risk management strategy,” Wong continued.
While the DPTM certifies that an organisation has put in place a data protection regime to comply with the obligations of the PDPA, the Credence DTRS complements the DPTM, extending to implementation details based on an organisation's line of business, corporate governance, risk profile, business needs, and strategy to effectively manage its risks.