Security & Compliance.
Enterprise-grade security built for regulated industries. SOC 2 Type II certified, VAPT-tested, and trusted by financial institutions and government agencies across Singapore.
Certifications & audits
SOC 2 Type II
Independent third-party audit of our security, availability, and confidentiality controls. Full report available under NDA.
VAPT
Vulnerability Assessment and Penetration Testing conducted by an independent security firm. Report available under NDA.
ISO 27001:2022
Information security management system certification in progress against the ISO 27001:2022 standard.
CSA Singapore Internet Health
Cyber Security Agency of Singapore Internet Health check - 100% score. Public report available.
DR & Business Continuity
Disaster Recovery and Business Continuity exercise and report completed. Available under NDA.
MAS / IBF Technology Evaluation
Selected as sole technology partner for the Future Skills Accelerator after evaluation across 8 categories, including System Performance (Security) and System Performance (Scalability).
SOC 2 Type II report, VAPT report, and DR/BCP report available under NDA for qualified enterprise prospects.
Request under NDA →Security program
- Hosted on Amazon Web Services (AWS) - enterprise-grade cloud infrastructure
- Data in transit encrypted with TLS v1.3
- Data at rest encrypted with AES-256
- Location-agnostic storage supports regional data residency requirements
- Single-tenancy and private cloud deployment options available
- Mandatory Multi-Factor Authentication (MFA) for all system access
- Single Sign-On (SSO) integration
- VPN-only access to internal systems - no direct public exposure
- Formal user registration and de-registration with immediate access revocation on termination
- Role-based access controls across all platform modules
- Monthly external vulnerability scans on all externally facing systems
- Annual penetration testing by independent third-party security firms
- AI-assisted continuous threat monitoring and anomaly detection across internal systems
- Severity-based remediation protocols with tracked resolution timelines
- Up-to-date anti-malware software deployed across all endpoints
- Continuous logging of all access attempts and system activity
- Regular access log reviews with automated alerting
- Unauthorised access detection with documented response procedures
- Dedicated incident response plan tested via annual DR exercises
- Integrated engineering, operations, and legal teams for security governance
- Mandatory security and privacy awareness training for all staff on hire
- Annual refresher training for all personnel
- Enhanced training frequency for roles with access to sensitive data
- Organisational culture built around customer trust and data protection
- Security policies reviewed annually or on significant regulatory change
- Risk assessments using industry-standard methodologies
- Third-party vendor security assessments before integration
- Dedicated Data Protection Officer (DPO)
- PDPA (Singapore) compliant data handling and retention policies
- Data subject rights supported via customer support channels
Sovereign-grade
Wired into Singapore's national digital infrastructure.
Not government-friendly - government-integrated. JobTech connects directly to the same national identity and skills rails that every major Singapore bank and public agency runs on.
National Digital Identity
The national digital identity rail. A single Singpass authorisation lets an employee securely unlock their government-verified records - the same rail every major Singapore bank and public agency runs on.
Government-verified career & skills record
With Singpass authorisation, JobTech reads directly from an individual's Careers & Skills Passport - the government-verified career and skills record held for every Singapore citizen and permanent resident. Tamper-proof competency data, straight from the source.
Security enquiries
Contact our Data Protection Officer directly.