July 12, 2018

Data Security & Breaches: Importance of OSPAR Certification

Outsourcing of services has been practised by Financial Institutions for a while now, and although so far it has proven to be generally effective, many are still underestimating the risks it holds. With so many organisations focusing on the cybersecurity of their company, they look past the fact that physical data security is as important as its digital counterpart, if not more so.

The average data security breach costs businesses more than S$5 million in fines and lost revenue. Many organisations tend to assume that most security breaches are caused by hackers, but do not realise that one of the biggest threats to information security is actually human error and negligence, often on the part of insiders (i.e. their own staff, contractors or close partners). Furthermore, human error and negligence often result in physical data breaches as well as digital breaches. In fact, loopholes in physical data security tend to occur more frequently and are equally damaging.

Take, for example, the recent United Overseas Bank (UOB) case that occurred in July 2016. Local news site The Middle Ground released an investigation into the disposal of physical data and discovered a black trash bag behind UOB’s headquarters containing both corporate and personal documents from UOB. There were documents that exposed private details, NRIC numbers, phone numbers and even a user’s full address. This caused the Monetary Authority of Singapore (MAS) to investigate UOB and its failure to protect its clients’ personal data.

Cases like this, and others, likely contributed to The Association of Banks in Singapore (ABS) making it a requirement for financial institutions in Singapore to have their outsourced service providers (OSP) audited by an external auditor. The Outsourced Service Providers Audit Report (OSPAR) provides credibility to the outsourced service provider and reassures financial institutions that the OSPAR-certified organisation maintains a level of governance, rigour and processes equivalent to that which the MAS requires Financial Services to adhere to.

Shred-it Singapore underwent the rigorous and thorough audit from 1st March 2016 to 31st August and has become one of the first few organisations in Singapore to be OSPAR certified. By undergoing the audit, Shred-it Singapore was able to show their Financial Services clients that the data entrusted to them for destruction purposes is securely processed according to the highest standards, thus providing them with additional peace of mind. Shred-it Singapore also believes that by undergoing OSPAR, it will raise the bar for other outsourced service providers, cause them to review their systems of operations and identify vulnerable areas in the workplace that might lead to a personal data breach.

Many financial institutions do not realise that an error on their outsourced service provider’s part will affect their own reputation and is ultimately still their responsibility. “Financial Institutions have the responsibility of verifying the credibility of the outsourced service provider they use. An uncertified OSP could lead to a data breach for the institution and while it is perfectly okay to outsource key functions, the ultimate responsibility cannot be abdicated and still rests firmly with the Financial Institutions themselves,” says Duncan Brown, General Manager of Shred-it Singapore.

As the world leader in secure information destruction, Shred-it offers a full suite of solutions designed to protect confidential and personal information, including paper shredding, hard drive and physical media destruction, and workplace security policies. For more information, please visit our Service page.