Tech players team up to rate Singaporean businesses’ data handling skills

Designed to provide a digitalised way for organisations to prove the veracity of their internal processes and controls.
Wong Wai Meng (Keppel Data Centres / SGTech)

Wong Wai Meng (Keppel Data Centres / SGTech)

IBM, KPMG and SGTech are among a group of local tech players that hope to level a new rating system at the data handling skills of business in Singapore.

The proposed rating system pilot, which is designed to help enterprises evaluate their data governance and controls policies and processes, is being created with the stated goal of boosting confidence in data and artificial intelligence (AI) technologies as Singapore’s digital economy grows.

IBM, along with consulting giant KPMG, Singapore IT industry association SGTech, tech start-up Credence Lab and other organisations, signed a non-binding memorandum of understanding (MoU) on 27 September to cement their partnership in the program.  

The consortium is led by Credence Labs, a key participant in SGTech’s Digital Trust Committee, and has previously developed a global index that measures the work of governments in the smart city industry area.

The pilot program, created by members from the so-called Credence Committee, is designed to provide a digitalised way for organisations to prove the veracity of their internal processes and controls in order to obtain two certifications – the Data Protection Trust Mark (DPTM) and a maturity rating using the Credence Data Trust Rating System (Credence DTRS).  

The DPTM by itself certifies that an organisation has put in place a data protection regime to comply with the obligations of the Personal Data Protection Act (PDPA), which provides a baseline standard of protection for personal data in Singapore.

According to SGTech, the Credence DTRS complements the DPTM, extending to implementation details based on an organisation's line of business, corporate governance, risk profile, business needs and strategy to effectively manage its risks.

By participating in the pilot, consortium member SGTech aims to demonstrate to other small organisations, particularly its members and other small and micro enterprises, that small size and lean resources are not barriers to obtaining a credible certification.  

Through the pilot, SGTech said it intended to contribute by highlighting the areas that could be refined and improved to make the certification journey a smoother experience for small and micro enterprises.  

"The work that we do at SGTech involves handling sensitive personal and company data,” said SGTech chairman and Keppel Data Centres CEO Wong Wai Meng. “We have had our sights on the Data Protection Trust Mark (DPTM) since its launch. We have been fine-tuning our practices and processes to ensure that we are up to the mark and can assure our members and partners that their data is safe in our hands.

"Participating in and getting dual certifications through this pilot allows us to demonstrate accountability to our stakeholders. We like that the Credence DTRS maturity rating considers aspects beyond compliance with an organisation's obligations under the PDPA -- to its implementation, including business needs, risk profile and risk management strategy.  

“At the same time, through the pilot, we want to prove that such certifications are not beyond the reach of small organisations,” he added.

The consortium members include Credence Lab for certification; Drew & Napier for legal and general consulting; Eden Strategy Institute for strategic consulting; KPMG for compliance consulting; and TÜV SÜD ASEAN for assessments.  

IBM also signed the nonbinding memorandum of understanding on 27 September 2021, cementing its participation in the program.  

IBM plans to design an open and decentralised data governance, risk and control framework using IBM Cloud Pak for Data, its data and AI platform, along with other IBM products that are available on the platform: OpenPages with Watson, Watson Knowledge Catalogue and Cognos with Watson.