Security & Compliance.
Enterprise-grade security built for regulated industries. SOC 2 Type II certified, VAPT-tested, and trusted by financial institutions and government agencies across Singapore.
Certifications & audits
SOC 2 Type II
Independent third-party audit of our security, availability, and confidentiality controls. Full report available under NDA.
VAPT
Vulnerability Assessment and Penetration Testing conducted by an independent security firm. Report available under NDA.
ISO 27001:2022
Information security management system certification in progress against the ISO 27001:2022 standard.
CSA Singapore Internet Health
Cyber Security Agency of Singapore Internet Health check - 100% score. Public report available.
DR & Business Continuity
Disaster Recovery and Business Continuity exercise and report completed. Available under NDA.
MAS / IBF Technology Evaluation
Selected as sole technology partner for the Future Skills Accelerator after evaluation across 8 categories, including System Performance (Security) and System Performance (Scalability).
SOC 2 Type II report, VAPT report, and DR/BCP report available under NDA for qualified enterprise prospects.
Request under NDA →Security program
- Hosted on Amazon Web Services (AWS) - enterprise-grade cloud infrastructure
- Data in transit encrypted with TLS v1.3
- Data at rest encrypted with AES-256
- Location-agnostic storage supports regional data residency requirements
- Single-tenancy and private cloud deployment options available
- Mandatory Multi-Factor Authentication (MFA) for all system access
- Single Sign-On (SSO) integration
- VPN-only access to internal systems - no direct public exposure
- Formal user registration and de-registration with immediate access revocation on termination
- Role-based access controls across all platform modules
- Monthly external vulnerability scans on all externally facing systems
- Annual penetration testing by independent third-party security firms
- AI-assisted continuous threat monitoring and anomaly detection across internal systems
- Severity-based remediation protocols with tracked resolution timelines
- Up-to-date anti-malware software deployed across all endpoints
- Continuous logging of all access attempts and system activity
- Regular access log reviews with automated alerting
- Unauthorised access detection with documented response procedures
- Dedicated incident response plan tested via annual DR exercises
- Integrated engineering, operations, and legal teams for security governance
- Mandatory security and privacy awareness training for all staff on hire
- Annual refresher training for all personnel
- Enhanced training frequency for roles with access to sensitive data
- Organisational culture built around customer trust and data protection
- Security policies reviewed annually or on significant regulatory change
- Risk assessments using industry-standard methodologies
- Third-party vendor security assessments before integration
- Dedicated Data Protection Officer (DPO)
- PDPA (Singapore) compliant data handling and retention policies
- Data subject rights supported via customer support channels
Government-grade integrations
Singpass
Government-verified employee identity and career data via Singapore's national digital identity platform. Trusted by all major financial institutions in Singapore.
Career & Skills Passport
Integrated with Singapore's official government-maintained skills and employment record. Provides verified, tamper-proof employee competency data.
Security enquiries
Contact our Data Protection Officer directly.