Digital Edge is proud to announce that we successfully assisted and obtained an OSPAR certification for one of our FinTech clients.
What is OSPAR? (OUTSOURCING (abs.org.sg))
OSPAR (Outsourced Service Providers Audit Report) is a report that can only be issued by the largest accredited auditors.
It is a critical pre-requisite for the third-party vendors, that demonstrates their adherence to stringent guidelines and the best practices if they wish to conduct business in Singapore.
Association of Banks in Singapore (ABS) is the key regulating entity in Singapore, setting the criteria that should be followed by all stakeholders:
- FIs (Financial Institutions, such as Banks)
- Auditors – such as Big4 companies
- Outsource providers – such as our FinTech client
Why is this important?
Our client says, “Ever since onboarding our largest customer, one of the largest Asian banks, along with a large Singapore bank obtaining this accreditation has been and will continue to be a priority to maintain and grow business in that region.”
As of January 2022, there are only 108 companies globally that have achieved this, and our client is one of them.
What is different this year from the previous certification?
In 2020:
- The scope was limited to two production environments only;
- The audit period covered six months (Jan 2020 - Jun 2020);
- The audit, although passed, cited two items that were noted as needing remediation.
In 2021:
- Clients' base and technological footprint have grown significantly since then – with over five production environments;
- The audit period for this round was 15 months (July 2020 – Sept 2021); the three-month extension beyond the typical 12 was to accommodate go-live for an Asian bank to be in scope – a major milestone that was met & successfully covered in the audit;
- It is worth noting that the audit requires a significant amount of documentation surrounding a broad set of policies & procedures. This documentation includes a commensurate number of evidence artifacts that showcase our adoption of the stated policies;
- Despite the substantial expansion in scope, the audit showed no exceptions requiring remediation: an incredible result for all involved.
CIO of the client company commented, “Digital Edge has been & continues to demonstrate what it means to be a partner. Their team not only helped collect and organize the material shared withthe auditors, but also built a tool called Cyber Regulator (CR) (subsequently deployed at AWS Marketplace)."
CR was licensed earlier this year to facilitate our documentation around ISO 27001. Digital Edge was committed to introducing the changes necessary to be used for OSPAR.
The auditors expressed their delight, stating that this tool made reviewing the artifacts much more straightforward, substituting long and tiresome process of exchanging large Excel spreadsheets.
Digital Edge continues to grow its capabilities in cybersecurity and privacy compliance. Our experience with multiple frameworks, standards and certifying authorities grows gradually each year. In 2021, our team members obtained auditors' certifications, multiple cybersecurity certifications, AWS certifications. Our earlier successful HITRUST certification demonstrated our knowledge of HIPAA laws and regulations.
Our skillset is fully aimed at successful results, bringing clients over the finish line regardless of the difficulty of the situation and the complexity of the framework.