by bosslee 3712 days ago
Hi there

My name is Bryan and I'm one of the co-founders of a local company, Intraix. Our company has been selected to be one of the vendors and is involved in the HDB Smart Home Trials with a local Telco - M1. I am pretty sure I would be able to paint out perspectives from different spectrums of this conversation.

In terms of data protection and ensuring security,

The agencies involved in the smart home trial did put in a lot of effort to ensure that all companies in the program comply with the [Personal Data Protection Act](https://www.pdpc.gov.sg/legislation-and-guidelines/overview), with very stringent criteria for data handling passed down to all the vendors.

As a matter of fact, our system had to face penetration tests conducted by Ernst and Young, a big 4 Auditing Firm before we could even get past the initial gates of entrance. I’m not saying that these measures are perfect but I believe the agencies, especially the Infocomm Development Authority (IDA), are really serious about data privacy.

2 comments

> As a matter of fact, our system had to face penetration tests conducted by Ernst and Young, a big 4 Auditing Firm

Auditing is not about security. It's about checking if proper procedures are in place, separation of duties, there's "access control", etc.

One thing it'll miss out on is the security of the system. You say that they performed penetration tests, but IMO saying that E&Y performed it makes me doubt the security.

FWIW, company I work for also has the big auditing firms (all of them) come along and perform audits.

> As a matter of fact, our system had to face penetration tests conducted by Ernst and Young, a big 4 Auditing Firm

I really can't tell whether this is serious or just Poe's law in action.