cybersecurity
What to Expect During an ISO 27001 Audit?
Let's help you to understand the ISO27001 audit a.k.a The External Audit.
Ever heard of the Enterprise Development Grant? Getting ISO 27001 certified with EDG is possible!
Getting ISO certified can be a costly exercise for Startups and SMEs in Singapore, luckily there are avenues for you to explore and fund ~70% of the total costs (particularly your implementation).
What’s the EDG Grant?
The Enterprise Development Grant, also known as the EDG grant, is a grant under Enterprise Singapore provided for local companies to grow and transform via 3 main pillars - Core Capabilities, Innovation & Productivity and Market Access.
Given that ISO27001 is a global standard that helps organisations comply with best information security practices, it falls under the Market Access section.
Getting ISO certified allows for a higher level of access to deals with large enterprises, multinationals, governments, and other organisations that usually perform third party security risk assessments as part of their procurement processes.
Sounds great, what are the requirements?
There are 3 main requirements for eligibility:
- Be a business entity registered and operating in Singapore
- Have a minimum of 30% local shareholding
- Be in a financially viable position to start and complete the project
Of course, application approval is still dependent on the project scope, project outcomes and competency of service provider(s) that you choose.
How do I apply?
Application is done via the Business Grants Portal with your CorpPass. Submission process time is between 8-12 weeks. Do check in to the business grants portal as issues that need rectification may be done via the portal.
As with all application processes, this is the list of documents needed by Enterprise Singapore to process your EDG application.
The next important step to take note of is you must not have started on the project before application nor made payment and/or signed a contractual agreement to a third-party that is part of the application.
What is covered?
Assessment, training, first time certification and adoption/implementation of the standard. This could mean: the consultancy and implementation costs, tools costs, and auditor costs.
Using consultants for your certification: if you intend to bring management consultants into the process, they have to be Enterprise Singapore certified.
Other consultants and service costs can also be eligible if they are hired for the following reasons:
- Members/specialists in the consultancy team who are not providing management consultancy services, but are performing dedicated functions, such as market research, audit, fieldwork, design/ artwork, equipment installation, and drafting of legal agreements.
- Consultants offering technical advice and expertise in the development of new technology, and solutions vendors.
Need some help deciding? You can contact us for referrals! We have partnerships with consultants (and auditors) in Singapore that can help you apply to your EDG, implement, and audit your ISO27001 program with cysense.
Making grant claims
EDG projects are supported via reimbursement, so be mindful how you agree and manage the project deliverables as claims can only be submitted when the deliverables are achieved.
Do check here for information about the claims process.
Tip: Keep your project timeline to shorter than 12-18 months. Costs beyond the “first year” won’t be covered.
Don’t leave it for tomorrow!
The EDG grant programme has an expiration date. Check the Enterprise Singapore website to know more about the deadline to apply.
Honestly, it’s a great opportunity: Getting ISO 27001 certified is costly on the organisation’s human resource as well as financial resources, especially when consultants are brought in. The EDG can greatly help with alleviating your financial burden and make your certification accessible.
Disclaimer: This article is accurate as of 25th Jan 2022, with information from Enterprise Singapore. If you do need more information or have further queries on EDG, you may contact Enterprise Singapore at their SME centres here.
Ready for ISO 27001?
Based in Singapore too, we aim to make ISO 27001 easier for businesses to attain, to allow cybersecurity to become an asset for businesses to achieve more.
If you would like to know more about getting ISO 27001 certified with cysense and using the EDG grant, do contact us!
