Data Protection Management

Develop and implement a Data Protection Management Programme (DPMP) to comply with the PDPA.

Proficiency Level 3 Proficiency Level 4 Proficiency Level 5
Collect, use or disclose personal data in accordance with the organisation's DPMP. Develop the organisation's DPMP in accordance with legal requirements.

Formulate the organisation's data protection strategy and ensure effectiveness of its DPMP.


Business Risk Management 

Forecast and assess existing and potential IT risks which impact the operation and/or profitability to the business as well as the development and roll out organisation-wide strategies and processes to mitigate risks associated with the collection, use, disclosure and storage of personal data, minimise their impact or effectively manage such business risks.

Proficiency Level 3 Proficiency Level 4 Proficiency Level 5
Identify risksand their business impact and propose measures to manage risks. Assess current and potential risks within a defined functional area, and develop risk countermeasures and contingency plans. Critically evaluate, review and drive organisation-wide risk mitigation and management initiatives.


Cyber and Data Breach Incident Management

Detect and report cyber and data-related incidents, identify affected systems and user groups, trigger alerts and announcements to relevant stakeholders and efficient resolution of the situation. 


Proficiency Level 2 Proficiency Level 4 Proficiency Level 5
Provide real-time incident and status reporting, and identify affected systems and user groups.

Develop incident management procedures and synthesis incident-related analyses to distill key insights, resolve incidents and establish mitigating and preventive solutions.

Formulate incident response strategies and direct teams in the remediation, resolution, communication and post-mortem of large-scale, unpredictable cyber and data incidents.



Stakeholder Management

Manage stakeholders’ expectations and needs by aligning those with requirements and objectives of the organisation. This involves planning of actions to effectively communicate with, negotiate with and influence stakeholders.


Proficiency Level 3 Proficiency Level 4 Proficiency Level 5

Serve as the organisation's main contact point for stakeholder communications, clarifying responsibilities among stakeholders and engaging them to align expectations.

Develop a stakeholder engagement plan and negotiate with stakeholders to arrive at mutually-beneficial arrangements.

Define a strategic stakeholder management roadmap, and lead critical discussions and negotiations, addressing escalated issues or problems encountered.


Audit and Compliance

Develop compliance processes and audit strategy for the organisation to review adherence to statutory regulatory standards, assessment and enhancement of the thoroughness of compliance and/or governance processes and organisation's internal controls align with changing compliance standards. This also includes the actual conduct and/or performance of audit activities.

Proficiency Level 3 Proficiency Level 4 Proficiency Level 5

Conduct audits, analyse results and implement changes to address identified gaps.

Develop and enhance compliance processes based on an evaluation of gaps in business and IT operations.



Establish audit and compliance strategy and objectives for the organisation, ensuring robustness of internal controls are strengthened.


Data Governance

Develop and implement guidelines, laws and regulations across the organisation for the handling of data at various stages in its lifecycle as well as the provision of advice on proper data handling and resolution of data breaches in a range of complex, ambiguous or multi-faceted contexts.

Proficiency Level 5 Proficiency Level 6

Develop organisation practices and standards for handling data throughout their lifecycle, resolve breaches and oversee transfer of data between organisations.

Establish policies for data security and usage, facilitate industry consensus around data ethics and provide expert advice on data transfer across geographies.


Data Ethics

Apply legal and ethical principles in the collection, use, storage and disposal of data.

Proficiency Level 3 Proficiency Level 4 Proficiency Level 5
Apply and uphold principles of professional, legal and ethical conduct, policies and procedures in the handling of data. Analyse unethical practices and apply ethical decision-making strategies to address ethical dilemmas and issues.

Formulate the organisation's code of ethics, systems and processes to ensure adherence to professional, legal and ethical requirements for data usage.


Data Sharing

Assess the value of data to achieve a competitive advantage and business objectives.

Proficiency Level 3 Proficiency Level 4 Proficiency Level 5
Conduct stock-take of the organisation's data assets. Assess the value of data assets to achieve organisational and business goals.

Evaluate the net worth of the organisation's data to achieve organisational and business goals.


Design Thinking Practice

Manage design thinking methodologies and processes to solve specific challenges for the organisation, and guide stakeholders through the phases of inspiration, empathy, ideation and implementation.


Proficiency Level 3 Proficiency Level 4 Proficiency Level 5
Apply design thinking methodologies and execute design thinking processes to challenge norms and conventions in the organisation. Facilitate and guide stakeholders to apply design thinking methodologies and processes for the organisation.

Establish effective design thinking processes, methodologies and frameworks to proliferate design thinking across the organisation.