Welcome to Perennial Consultancy

SG Government
Cybersecurity Compliance

Navigate Mandatory Cybersecurity Requirements with Expert Guidance

Ensure compliance for Vendors supporting DSTA and Singapore Government on-premise projects


How Missed Cybersecurity Requirements Eats into Profit?

CyberSecurity Compliance is a critical component when undertaking Singapore Government Projects

A mandatory compliance & testing process your IT system must pass before going live or connecting to government networks

g


Our Cybersecurity Compliance & Audit Services

Acting as your independent assessor for Compliance

g

Presales / Project Management

Partner with us early at the tender stage at no cost during presales to ensure security compliance readiness, mitigate risks upfront and drive on-time delivery

Configuration Audits

Thorough audits of device configurations to identify and address security gaps, ensuring alignment with SG government standards

Compliance Documents

Develop essential compliance documents, such as SSCT Report, patch management plans, cybersecurity incident response etc, tailored to meet regulatory requirements

Professional Service

From secure network design to CIS hardening and procurement, we help ensure your infrastructure is audit-ready and aligned with government cybersecurity requirements

Technical Advisory

Offer technical advisory services, including remediation and mitigation strategies, to help vendors meet regulator's expectations or seek waivers to achieve compliance with less effort and disruption

VAPT

Conduct comprehensive VAPT (Vulnerability Assessment and Network Penetration Test) to strengthen system security, ensuring compliance with SG government mandates

Road to Passing System Security Compliance Test

Step 1

Review relevant Regulatory Cybersecurity Requirements

Step 2

Assess Systems and Network Design to identify assets

Step 3

Define Scope of Assessment to avoid surprises

Step 4

Develop SSCT Plan with scope, timeline & methodology

Step 5

Prepare required Documents and Plans eg. Patch Mgmt

Step 7

Execution eg. Compliance audit, VAPT & Report

Step 8

Guidance on Remediation / Mitigation or Waiver
g

Why Choose Us to manage your CyberSecurity Requirements?

Track Record (click to view)

With a strong track record in Singapore government projects, we understand agency expectations and proactively resolve issues before they become blockers

Licensed by Singapore Cybersecurity Agency (CSRO)

To provide penetration testing and cybersecurity services. Licence No CS/PTS/C-2022-0123R

100% Singapore Based

Our team comprises Singaporeans and PRs based in Singapore, meeting stringent clearance requirements for government projects

Experienced Personnel

Our team are CREST and CISSP certified, with > 15 years of experience across key IT domains—network, application and cybersecurity—ensuring holistic and practical support throughout your project.

We Handle Cybersecurity Compliance, You focus on the Delivery

FAQ's

It is a structured test and documentation process to verify that your IT system meets GovTech’s baseline cybersecurity requirements before it can go live or be connected to government networks.

You must undergo SSCT if you are:

  • A vendor or contractor delivering software, systems, or infrastructure to Singapore government agencies

  • Working on projects involving:

    • Classified or confidential data

    • Government infrastructure

    • GovTech-mandated cloud or on-prem systems

An SSCT typically includes:

  1. SSCT Test Plan Submission – How vendor assess and document their Cybersecurity Posture

  2. Documentation Review – Patch Management Plan, Cybersecurity Incidence Response Plan, Backup Plan etc.

  3. Technical Testing, often including:

    • System Security Audit

    • Vulnerability assessment

    • Penetration testing

  4. Remediation & Retest if issues are found Or Mitigation / Waiver if compliance is not feasible

Vendor is usually required to work an independent third-party to perform the testing

  • Before UAT (User Acceptance Testing)

  • Before Go-Live

  • Or at milestones during the project delivery cycle


Latest Articles

G

G

Let's Start the Conversation