12 November 2013 | Regulatory Compliance – Scope and Implication for Project Managers
Time: 7.30pm to 9.30pm (Registration and Buffet Dinner starts from 6.30pm)
Venue: SMU Lee Kong Chian School of Business | 50 Stamford Road | Seminar Room 1.2 | Level 1
Understanding the Personal Data Protection Act 2012
The PDPA came into effect in January 2013 and establishes a data protection regime to govern the way organisations in Singapore collect, use, disclose and process personal data.
The transition period under the PDPA is still ongoing, to allow organisations time to review and adopt internal personal data protection policies and practices. The PDPA is being implemented in two phases. The first phase, already implemented at the beginning of 2013, relates to the formation of the Personal Data Protection Commission. The second phase deals with two areas: the establishment of the “Do Not Call” (DNC) Registry (a registry which will allow individuals to register their telephone numbers to opt out of receiving marketing calls or SMSes), with the DNC Registry provisions coming into effect on 2 January 2014, and the main data protection rules, which come into effect on 2 July 2014.
In addition, the Monetary Authority of Singapore (MAS) issued the Technology Risk Management Guidelines (TRM Guidelines) and Technology Risk Management Notices (TRM Notice) on 21 June 2013. In particular, the TRM Notice sets out the legal requirements relating to technology risk management for financial institutions, including requirements for a high level of reliability, availability and recoverability of critical IT systems. As the TRM Notice will take effect from 1 July 2014, financial institutions will have less than 12 months to work towards compliance with the TRM Notice's requirements.
At this session, we will be looking at key areas covered by the TRM Guidelines which Project Managers need to be aware of, such as:
– TRM framework to manage technology risks
– Management of IT outsourcing risks
– Systems reliability, availability and recoverability
– Operational infrastructure security management
– Enhanced data centre protection and controls
We will also be covering the main obligations under the TRM Notice which Project Managers need to be aware of when working toward compliance:
– Identification of “critical system”
– Maintenance of “high availability” and recovery time objective (“RTO”)
– Notification of “relevant incident”
– Submission of root cause and impact analysis report
– Protection of customer information