CFOtech Asia - Technology news for CFOs & financial decision-makers
Asia
EY Singapore wins data protection & cyber trust marks
Data Protection Digital Transformation Data Privacy

EY Singapore wins data protection & cyber trust marks

Mon, 11th May 2026 (Today)
Sean Mitchell
SEAN MITCHELL Publisher

EY in Singapore has received the Data Protection Trustmark and the Cyber Trust Mark. The certifications cover six EY entities for data protection and one for cybersecurity.

Both trust marks are valid for three years from April 2026. The Data Protection Trustmark was awarded to Ernst & Young Solutions, Ernst & Young, EY Corporate Services, Ernst & Young Advisory, EY Corporate Advisors and Ernst & Young Corporate Finance.

The Data Protection Trustmark is a voluntary, enterprise-wide certification issued by the Infocomm Media Development Authority to show that an organisation has accountable data protection practices in place.

The six entities underwent third-party audit and validation of their data protection practices, reinforcing data governance, safeguards and protection standards.

The Cyber Trust Mark was awarded separately to Ernst & Young Advisory, which received the Cyber Trust Advocate designation, the highest tier under the national certification programme run by the Cyber Security Agency of Singapore.

The scheme is aimed at large organisations, businesses with advanced digital maturity, and companies operating in or supplying regulated sectors. The certification provides independent assurance over cybersecurity controls across governance, risk management, technology and operations.

Singapore has in recent years sought to strengthen its position as a trusted centre for business and data. National certification programmes such as the Data Protection Trustmark and the Cyber Trust Mark are part of that broader effort to raise standards in data stewardship and cyber resilience across the corporate sector.

Liew Nam Soon, Singapore Managing Partner at Ernst & Young Solutions, as well as EY Asia East Deputy Regional Managing Partner and Asean Managing Partner, linked the awards to that broader environment.

"In today's data-driven economy, organizations have a responsibility to continually strengthen their data protection and cyber practices, as Singapore seeks to reinforce its position as a trusted global business and data hub. Data protection and cyber security cannot be an afterthought - it should be a key part of business resilience," he said.

Data protection

The Data Protection Trustmark applies across multiple parts of EY's Singapore operations rather than a single business line. That broader scope matters for firms handling large volumes of client, employee and corporate information across advisory, corporate finance and support functions.

Nam Soon said the certification reflects work on governance and operating practices across the organisation.

"Trust is the foundation of our business and we are proud to be DPTM-certified, demonstrating the rigor of our data governance and commitment to high standards of data protection. It affirms our investments and continual efforts in embedding data protection and security in the way we operate and serve our clients and builds confidence with stakeholders in an increasingly digital-first world. Beyond compliance, responsible data stewardship is key to growth, innovation and resilience. The certification process has helped raise enterprise-wide awareness of the importance of data protection and firmly anchor it as part of our culture," he said.

Cyber tier

The Cyber Trust Mark award was narrower in scope but placed Ernst & Young Advisory at the top level of the programme. The Cyber Trust Advocate tier is reserved for organisations assessed against the framework's highest standard.

EY also noted that it is a licensed cybersecurity service provider in Singapore. In that context, the certification carries weight for clients in sensitive or regulated sectors that require external assurance over cyber governance and operational controls.

The assessment covered governance, risk management, technology and operations, all areas often examined by customers and regulators when reviewing whether service providers can handle critical systems or confidential information.

Nam Soon said the result reflects the work of teams in Singapore and across the wider organisation.

"Achieving the Cyber Trust Mark as a Cyber Trust Advocate is a result of the collective efforts of our Singapore and globally managed services teams. This certification is an independent validation of EY's cybersecurity posture against the highest standard. It demonstrates our differentiated strength in working with clients on sensitive or regulated projects, providing greater confidence in our ability to deliver large-scale and complex engagements. It reflects our secure operating environment with clear accountability and consistent security practices, supporting higher-quality work and enabling teams to operate confidently in trust-critical and regulated contexts," he said.

Related stories
Digital identity: How it powers APAC's fintech boom
Singapore consumers adopt autonomous AI despite trust fears
apexanalytix launches Qubiton for AI-powered supplier checks
Google Cloud launches AI agent platform in Southeast Asia
When identity becomes the payment rail
Top stories
Addepar launches data exchange on Databricks for AI
Renew Risk launches US solar storm catastrophe model
NCS chief Sam Liew wins Singapore tech leader award
Quantum buyers demand proof as budgets face scrutiny
FM expands FM Essential for manufacturers in new markets