Follow us:
CREDIBLE™ Programme
Practical PDPA Compliance for Singapore SMEs
A tiered programme that helps SMEs implement PDPA- aligned controls, build evidence and earn trust without overwhelming complexity
What Does CREDIBLE™ Certified Mean?
CREDIBLE™ is designed for Singapore SMEs who need more than template policies. We help you operationalise PDPA requirements into processes, ownership and evidence so your team can handle real requests, manage vendors, respond to incidents, and meet customer due diligence expecatations
.png)
Why We Created CREDIBLE™
Most SMEs don't struggle because they "ignored PDPA". They struggle because compliance is often document only and not embedded into daily operations
Common SME Challenges
-
Policies exist, but staff don't know what to do when access requests or complaints happen
-
Vendor sharing and data intermediary arrangements are unmanaged
-
Cybersecurity and data protection run as separate projects
-
Compliance is "done once" then fades due to unclear ownership and no evidence discipline
What CREDIBLE does differently
-
Turns PDPA into an operating system: SOPs + roles + evidence
-
A tiered structure so SMEs can start light and mature overtime
-
Build readiness for customer audits, procurement checks and enterprise onboarding
-
Creates a clear pathway towards recognised trustmarks when ready
Why CREDIBLE when Singapore has government-linked certifications (e.g., SS 714 / Data Protection Trustmark)?
National standards and trustmarks (e.g., SS 714 / DPTM) are valuable for trust and market recognition. However, many SMEs find it challenging to go straight into these frameworks without first building operational maturity.
CREDIBLE exists as the SME-friendly pathway:
-
Start Practical (Foundation) — implement baseline PDPA controls
-
Build Capability (Growth) — embed governance, ownership, and training
-
Reach Maturity (Growth+) — become audit-ready with deeper controls and accountability
-
Optional — use your evidence pack and maturity outcomes to support future pursuit of trustmarks when you are ready
CREDIBLE is the SME ramp: implement controls, build evidence, then pursue national certification when ready.
CREDIBLE certification is a separate programme governed by the CREDIBLE Registrar and does not replace national trustmarks.
Who Is CREDIBLE™ For?
SMEs handling personal data in sales, HR, operations, or customer support
SMEs looking to combine PDPA governance with baseline cybersecurity readiness
Companies onboarding enterprise customers requiring vendor due diligence
Firms preparing for procurement requirements, RFPs and audit
CREDIBLE™ Certification Levels (Foundation → Growth → Growth+)
CREDIBLE certification is tiered and dependency-based:
-
To attain Growth, you must first attain Foundation
-
To attain Growth+, you must first attain Foundation + Growth
1
Foundation Certified
Baseline PDPA compliance implemented
Focus: Clarify + Reinforce
- PDPA Compliance Assessment and Baseline gap identification
- PDPA Overview Briefing
- DPO Appointment letter
- DIM Interview and 4 DIMS
- Core internal and external PDPA policies
- Foundational SOPs and registers
- Certification
2
Growth Certified
Capability + Governance embedded
Focus: Enable
- PDPA Compliance Assessment and Baseline gap identification
- PDPA Overview Briefing
- DPO Appointment letter
- DIM Interview and 4 DIMS
- Core internal and external PDPA policies
- Foundational SOPs and registers
- Certification
- Intermediate PDPA training and enablement
- Departmental or functional PDPA audit and follow-up demonstration
- Data intermediary governance framework
- Risk register development
- Expanded policy set (retention, incident management, third-party management)
- DPO Appointment
- Monthly 1 hour online call support
- Address queries and support for PDPA matters
- Quarterly webinar to get latest PDPC Policy updates
- AC360 Shield - Email Protection
- AC360 DataSecure - Device Protection
3
Growth+ Certified
Maturity + Audit readiness
Focus: Defend + Influence (mature controls & accountability)
- PDPA Compliance Assessment and Baseline gap identification
- PDPA Overview Briefing
- DPO Appointment letter
- DIM Interview and 4 DIMS
- Core internal and external PDPA policies
- Foundational SOPs and registers
- Certification
- Intermediate PDPA training and enablement
- Departmental or functional PDPA audit and follow-up demonstration
- Data intermediary governance framework
- Risk register development
- Expanded policy set (retention, incident management, third-party management)
- DPO Appointment
- Monthly 1 hour online call support
- Address queries and support for PDPA matters
- Quarterly webinar to get latest PDPC Policy updates
- AC360 Shield - Email Protection
- AC360 DataSecure - Device Protection
- Incident triage and advisory guidance
- Preliminary fact-finding support
- Assessment of data impact and PDPA notification thresholds
- Regulatory Reporting and Compliance Support
- Post-incident remediation recommendations
- Conduct breach drill based on organisation's policies
- Conduct a DIM review
- Conduct a cybersecurity scan
- Conduct a physical security review
What Included?
The table below shows what you receive at each level. Growth includes Foundation, and Growth includes Foundation + Growth+.