About the Data Protection Trustmark (DPTM)
The Data Protection Trustmark (DPTM) is a voluntary enterprise-wide certification for organisations to demonstrate accountable data protection practices. The DPTM will help businesses increase their competitive advantage and build trust with their customers and stakeholders.
The directory of DPTM-certified organisations can be found here (801.41KB)
Hear from these industry leaders - AIG Singapore, Alibaba Cloud Singapore, M1, and MaNaDr – on why it pays to have the DPTM.
It pays to have the Data Protection Trustmark
What DPTM means to consumers
As a consumer, you can rest assured that an organisation certified with the DPTM has put in place responsible data protection practices and will take better care of your personal data and minimise the risk of a data breach. Learn more about DPTM for consumers here.
Who can apply?
Organisations that have put in place a data protection regime to comply with the obligations of the PDPA can apply for DPTM.
They should be either (1) formed or recognised under the laws of Singapore, or (2) resident, or having an office or a place of business, in Singapore, and in any case, not a public agency (as defined in the Personal Data Protection Act 2012).
Organisations should assess its readiness using the DPTM Certification Checklist (275.80KB) before applying.
Organisations with ISO/IEC 27001 and 27701 may find it easier to attain DPTM certification as they have demonstrated good information security and privacy information management standards.
Upon submission of the application, the Applicant Organisation is bound by the Terms of Agreement (571.68KB) of the DPTM scheme.
Apply hereCertification costs
Application fee:
Application fee of S$535 (inclusive of GST) is payable to IMDA.
To encourage organisations to take up more than one certification (i.e. DPTM, CBPR and PRP), one application fee of S$535 is payable to IMDA when organisations apply for multiple certifications in a single application process.
Assessment fee:
Assessment fee, payable to the Assessment Body, ranges and depends on the size of the organisation (e.g. annual sales turnover, no. of sites, etc) and the Assessment Body you engaged. Please approach the Assessment Bodies listed in this website for a quotation to confirm the actual fee.
The table below shows the range of pricing paid by companies for the DPTM certification (as of June 2023):
| Annual revenue of enterprises | < $10m | $10m – $100m | > $100m |
|---|---|---|---|
| Range |
$4,000 - $16,500 | $4,000 - $13,500 | $4,200 - $22,100 |
| Average |
$5,000 |
$6,300 | $9,500 |
| 75% of companies are charged below |
$7,500 | $8,000 | $12,000 |
| 50% of companies are charged below | $5,000 | $6,500 | $9,500 |
| 25% of companies are charged below |
$4,320 | $5,200 | $7,000 |
Note:
- Assessment fees shown exclude GST and are based on actual transacted prices for the past one year. Figures in this table will be updated half-yearly.
- The fees are based on a single entity taking the DPTM certification and exclude companies taking multiple certifications (i.e. DPTM and CBPR/PRP) or covering multiple entities. Information presented is accurate to the best of our effort.
- Charges that are higher than the benchmarks may not be unreasonable, particularly where a case is complex and requires significantly more time or effort to complete. Kindly approach the assessment bodies to ask for quotations for comparison.
Funding support:
Eligible organisations can consider applying to Enterprise Singapore (ESG) to seek support for some of the costs for DPTM certification and consultancy services. Details on the criteria and application process can be found at ESG Enterprise Development Grant
Interested organisations may refer to this Quick Guide on Enterprise Development Grant Application (256.46KB).
Eligible social service agencies (SSAs) and charities can consider applying to the National Council of Social Service (NCSS) for funding support. Details on the criteria and application process can be found at NCSS Tech-And-GO!
Assessment body
The Assessment Body (AB) acts as an independent body to assess that an organisation’s data protection practices conform to the DPTM requirements. An organisation may select any of the following seven ABs:
| Assessment body | Contact person | Contact no | |
|---|---|---|---|
| BSI Group Singapore | Shi Wei Ng |
6270 0777 9229 5747 / 9008 8952 |
DPTM@bsigroup.com |
| EPI Certification Pte Ltd | May Cheow | 8823 3347 |
Audit-support@epi-certification.com may@epi-certification.com |
| Guardian Independent Certification Pte Ltd |
Baljit Singh | 6742 3075 / 8268 4464 | baljit.singh@gicgrp.com |
| ISOCert Pte Ltd |
Saju S Pillai Jean Poh |
9105 4718 9475 5120 / 6659 0810 |
|
| Setsco Services Pte Ltd |
Elean Kwek Laura Koh |
6895 0669 6895 0659 |
|
| SOCOTEC Certification Singapore Pte Ltd |
Chris Lim (Ms) | 6299 9001 / 6499 4707 | chris@socotec.com certints@singnet.com.sg |
| TUV SUD PSB Pte Ltd |
Erichsen Soong Edmund Gan |
8777 5844 6973 6764 |
dp_trustmark@tuvsud.com |
DPTM certification requirements and resources
The DPTM Certification Framework was developed based on adopting and aligning it with Singapore’s enhanced PDPA and incorporating elements of international benchmarks and data protection best practices. Organisations that are interested to incorporate DPTM into their audit, certification, sectoral frameworks, etc can email Data_Protection_Certifications@imda.gov.sg for discussion.
- Overview of Certification Requirements (132.25KB) (updated 1 Feb 2021)
- DPTM Checklist for Organisations (275.80KB) (updated 17 Jun 2022 and incorporated PDPA amendments*)
*For more information about the enhanced PDPA, visit the PDPC website.
List of DPTM consultancy service providers
Organisations may approach any of the following consultancy service providers to prepare them for the DPTM certification. A listing of a DPTM consultancy service provider in this directory does not signify that the DPTM consultancy service provider is in any way accredited, endorsed or certified by the IMDA. It also does not imply a referral or recommendation by the IMDA. Please exercise due care and judgement prior to engaging any of the DPTM consultancy service providers listed below.
Any engagement of the DPTM consultancy service providers is strictly on a private basis between the DPTM consultancy service provider and yourself and the IMDA is not a party to such an engagement. You are therefore solely responsible for the private engagements that you may enter into with the DPTM consultancy service providers. If there is a disagreement arising from the engagement with the DPTM consultancy service providers, you may wish to seek independent legal advice. DPTM consultancy service providers who are interested to be listed can contact us at data_protection_certifications@imda.gov.sg.
| S/N | Entity name | Is DPTM-certified | Has SAC-accredited TR43/SS680 certified management consultants | Business address | Contact person |
|---|---|---|---|---|---|
| 1 | Lloyd McGill Pte Ltd |
✔ |
✔ | 230 Victoria Street #15-01/08, B07, Bugis Junction S(188024) |
Name: Marinissa Reyes Tel: 6352 1566 Email: enquiry@lloydmcgill.com |
| 2 | NLA DFK Assurance PAC | ✔ | ✔ | 143 Cecil Street #17-03 GB Building S(069542) Tel: 6222 0289 |
Name: Gary Ng Tel: 9679 1267 Email: garyng@nlarisk.com |
| 3 | P2D Solutions Pte Ltd | ✔ | ✔ | Suntec Tower Three, #42-01, 8 Temasek Boulevard S(038988) |
Name: Desmond Chow Tel: 9228 3782 Email: desmond.chow@p2dsolutions.com.sg |
| 4 | SP Consulting (International) Pte Ltd |
✔ | ✔ | 5 Kallang Sector #04-03 S(349279) |
Name: Benson Leong Tel: 9732 2304 Email: benleong@spgp.com |
| 5 | Straits Interactive Pte Ltd | ✔ | ✔ | 43A Beach Road Evershine & Century Complex S(189681) |
Name: Lina Wong Tel: 6815 8010 ext 1 Email: sales@straitsinteractive.com |
| 6 | TRS Forensics Pte Ltd | ✔ | ✔ | 90 Lorong 23 Geylang #05-01 Agrow Building S(388393) |
Name: Renee Tan Tel: 9297 1316 Email: reneetan@trsforensics.com |
| 7 | DSP ISO Consultants Pte Ltd | - | ✔ |
11 Woodlands Close #08-20, Woodlands 11 S(737853) |
Name: Dinesh Balakrishnan Tel: 9226 9011 Email: nesh@dspiso.com |
| 8 | Greenwich Management Consultancy Pte Ltd |
- |
✔ | 18 Robinson Road, #15-01 S(048547) |
Name: Michelle Chew Tel: 9876 6828 Email: michelle@greenwich.com.sg / admin@greenwich.com.sg |
| 9 | PDPA Compliance |
- |
✔ | 10 Anson Road #29-04A International Plaza S(079903) |
Name: Gea Ban Peng Tel: 6222 1000 / 9674 5780 Email: geabanpeng@pdpacompliance.com |
| 10 | QuESH Consultants (Pte) Ltd | - | ✔ | 50 Bukit Batok Street 23 #07-10 Midview Building S(659578) |
Name: Ngo Seow Kuan Tel: 6316 6602 Email: sales@quesh.com.sg |
An added benefit for certified organisations
DPTM-certified organisations that apply for cyber insurance can enjoy faster application processing and competitive offers. QBE Insurance Singapore, Delta Insurance, Pandamatics Underwriting, and Beazley have recognised DPTM in their cyber insurance underwriting process, as the certification assures insurers that an applicant has sound and responsible data protection practices in place.
Please contact the participating cyber insurers to find out more:
| S/N | Cyber insurer | Cyber insurance products |
|---|---|---|
| 1 | QBE Insurance (Singapore) Pte. Ltd. | Cyber and Data Security (Auto-bind) Policy |
| 2 | Delta Underwriting Pte Ltd | Delta Cyber Liability Insurance Policy |
| 3 | Pandamatics Underwriting | Bamboo Shoot |
| 4 | Beazley Syndicates at Lloyd’s | Beazley’s InfoSec 2.0 |
Contact us
For questions, please refer to our FAQs.
For queries, please email Data_Protection_Certifications@imda.gov.sg or call 6377 3800.
.webp)