Be aware of scammers impersonating as IMDA officers and report any suspicious calls to the police. Please note that IMDA officers will never call you nor request for your personal information. For scam-related advice, please call the Anti-Scam helpline at 1800-722-6688 or go to

Singapore Builds New Capability to Perform Complex IT Products Security Certification

The Infocomm Development Authority of Singapore (IDA) today announced that it has established the Common Criteria (CC) Scheme to provide an infrastructure for ICT companies worldwide to evaluate and certify their security ...

Singapore, 29 June 2005 | For Immediate Release

Common Criteria Scheme Opens New Opportunities for Local Infocomm Companies to Tap into US$2.3 billion Worldwide Market for CC Security Solutions

The Infocomm Development Authority of Singapore (IDA) today announced that it has established the Common Criteria (CC) Scheme to provide an infrastructure for ICT companies worldwide to evaluate and certify their security products against the Common Criteria standard1 (ISO 15408) in Singapore. The move will, in parallel, unleash new business and capability development opportunities for the local infocomm industry to penetrate the growing global security solutions market.

The CC Scheme is part of IDA's plan to develop internationally compliant security products in Singapore. Its establishment is also one of the strategic thrusts under the Infocomm Security Masterplan2 to build capabilities that can defend Singapore's critical infrastructure from cyber attacks, and to maintain a secure infocomm environment for the government, businesses and individuals.

To set up the CC Scheme, IDA has partnered PSB Certification who will take the role of the Certification Body to validate and certify the evaluation done by Evaluation Facilities. In addition, IDA has partnered T-Systems to establish Singapore's first Evaluation Facility to conduct product evaluation in accordance to Common Criteria. The Common Criteria is an international standard increasingly adopted by organisations and governments worldwide for the evaluation and certification of security properties of IT products or systems.

On its appointment as the CC Certification Body, Mr. Wu Tek Ming, CEO, PSB Certification Pte Ltd said, "PSB Certification is pleased to have been appointed by IDA to set up the Common Criteria certification system in Singapore. We are confident that, with our experience and knowledge in Common Criteria, we will help boost the nation's capability in security product evaluation and certification, and bring us on par with international standards."

On being the first Evaluation Facility in Singapore, Mr. Thomas Jakob, CEO, T-Systems Singapore said, "T-Systems is pleased to partner Singapore to build expertise in infocomm security evaluation. With Singapore's solid infrastructure and trusted business environment, it is the ideal launch pad to serve the emerging Asia Pacific market for infocomm security services."

Singapore Joins Common Criteria Recognition Arrangement

In March 2005, Singapore officially signed the Common Criteria Recognition Arrangement (CCRA)3 as a Consuming Participant, with the intention to become a Certificate Issuing Participant by end 2006. The CCRA is a mutual recognition agreement with signatories from more than 20 countries that are responsible for the maintenance of the CC standard. Singapore is the first in ASEAN to participate in the CCRA.

On Singapore's admission into the CCRA, Dr Frits Taal, Chairman of the Management Committee of the CCRA said, "The admission of Singapore into the CCRA is a positive development as this will provide a platform for the IT industry in Singapore to work with an international standard for security, and enable them to sell their products in other parts of the world." Noting the growing interest in the Common Criteria in Asia, Dr Taal added, "With Singapore's admission, it will also be able to influence the development of the Common Criteria."

Commenting on the significance of this development, Mr. Chan Yeng Kit, CEO, IDA Singapore said, "Singapore will soon join the ranks of leading countries around the world to offer IT products which have undergone sound security evaluation and certification under the Common Criteria." Relating on how it strengthens Singapore;s position as a secured infocomm hub, Mr. Chan added, "With the key (Common Criteria) ingredients in place, Singapore is now equipped with the competencies and infrastructure to offer solution providers a cost competitive, efficient and reliable means to obtain Common Criteria evaluation and certification. The CC-certified products will in turn gain worldwide recognition and access to the US$2.3 Billion4 worldwide market for CC certified products."

Common Criteria Scheme Gains Momentum

Currently, two IT solutions providers have already embarked on the process of certifying their products in accordance to Common Criteria. Patchlink Corporation, a leading provider of security patch, vulnerability, and compliancy management solutions, and e-Cop, a leading provider of trusted info-security solutions and services in the Asia Pacific, have chosen to carry out Common Criteria evaluation and certification of their products in Singapore.

Mr. Anthony Lim, Chairman of the Security Chapter of the Singapore Infocomm Technology Federation (SiTF), welcomes Singapore's entry to CCRA. "With the uptrend in adoption and mandate of Common Criteria in countries round the world, IT products and systems in Singapore will certainly benefit from a CC Scheme to help them tap into the global security solutions market, which increasingly requires Common Criteria certification prior to their use and acceptance in these countries."

On the establishment of the CC Scheme, Mr. Aloysius Cheang, President of the Special Interest Group in Security and Information Integrity Singapore (SIG^2), commented, "Common Criteria certification will give users the added assurance of the products used to safeguard corporate information systems."


Notes to Editor:

1 The Common Criteria is an international standard concerned with the evaluation and certification of the security properties of an IT product or system.
The Common Criteria benefits business or government users by helping them decide whether a validated IT product or system fulfils their security requirements. Developers of IT products and systems use this certification scheme to gain users' confidence in the security features of their products and gain access to markets that mandate Common Criteria.

For developers of IT products and systems, the Common Criteria standard specifies and helps builds security features into their product and systems, which subsequently enhances the security properties of their products and systems and its market access into countries that recognise the standard.

2 The Infocomm Security Masterplan was launched on 22 February 2005 by Dr Tony Tan, Deputy Prime Minister and Coordinating Minister for Security and Defence. The Masterplan is a strategic roadmap that charts Singapore's national efforts to develop capabilities to prevent cyber security incidents, to protect our critical infrastructure from cyber threats, and to respond swiftly to recover from actual attacks. More details are available in the 22 February 2005 media release at  

3 The CCRA is a mutual recognition arrangement that enables security products that are evaluated and certified under the Common Criteria standard to attain recognition and acceptance among signatory countries. The current signatories of the CCRA consist of 20 countries. They are: Australia, Austria, Canada, Czech Republic, Finland, France, Germany, Greece, Hungary, Israel, Italy, Japan, the Netherlands, New Zealand, Norway, Spain, Sweden, Turkey, the United Kingdom and the U.S. Singapore joins as the latest Participant, and the first country from ASEAN.

There are two ways to join the CCRA: as a Certificate Consuming Participant, or as a Certificate Issuing Participant. Prior to becoming a Certificate Issuing Participant, a country must first join as a Certificate Consuming Participant.

There are currently 7 Certificate Issuing Participants. They are: Australia and New Zealand, Canada, France, Germany, Japan, the United Kingdom and the U.S.

4 Estimates based on IDC's "Worldwide IT Security Software, Hardware, and Services 2004-2008 Forecast: The Big Picture".

About Infocomm Development Authority of Singapore

The Infocomm Development Authority of Singapore (IDA) develops, promotes and regulates info-communications in Singapore, with the aim of establishing Singapore as one of the world's premier Infocomm capitals. To nurture an internationally competitive Infocomm industry, IDA offers a comprehensive range of programmes and schemes for both local and international companies. For more information, visit  

For media clarification, please contact:

Vivien Lee (Ms)
Manager, Corporate & Marketing Communication
Infocomm Development Authority of Singapore
Tel: (65) 6211 1750
Fax: (65) 6211 2227

For companies interested in obtaining CC certification for their products, please contact:

Chris Ng (Mr)
Product Manager (Common Criteria)
PSB Certification Pte Ltd
3 Science Park Drive, #03-12 PSB Annex,
Singapore 118223.
DID: (65) 6885 1613
Fax: (65) 6872 0531