Frequently Asked Questions

This is a standard developed and published by Cyber Security Agency of Singapore enabling Singapore companies to comply with cyber security requirements based on a tiered approach.

As part published by Cyber Security Agency of Singapore, there are similarities between the two standards. As we progress to higher tiers, there will be further similarities in the domain as well.

ISO 27001 will help to build the framework required for data protection, data security, data resiliency and regulatory compliance which are part of PDPA data protection obligations.

This is the controls standards listed in Annex A of ISO/IEC 27001; There are 93 controls in ISO/IEC 27002:2022.

ISO/IEC 27001 is an Information Security Management System (ISMS) while ISO/IEC 27002 is the information security controls guidance listed in Annex A of ISO/IEC 27001.

We will provide advisory and consultancy services to guide our customers through their journey in achieving ISO/IEC 27001 certification and more, if applicable.

This is the code of practice for information security controls based on ISO/IEC 27002 for cloud services for Cloud Service Provider and Cloud Service Customer.

This is the code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors.

This is the Security requirements and guidelines as an extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management

This is an information security risk management framework.

This is a data protection framework developed by IMDA of Singapore, which allows a company to be compliant to PDPA and achieve the certification.