Understanding ACRA’s Data Privacy Demands for XBRL Reporting
ACRA was amongst the initial regulators to adopt XBRL reporting for companies in Singapore. Since XBRL reporting requires sharing a company’s financial information in a digital format, it is essential to maintain robust data privacy measures and prevent data theft or fraud. ACRA requires all listed companies in Singapore to adhere to the data privacy requirements laid by the regulator.
All companies in Singapore must follow some external and internal security controls to ensure the privacy and confidentiality of their data. The following blog discusses ACRA’s data privacy requirements for XBRL reporting in Singapore. Read on to find out.
External Security Controls
Singapore’s Personal Data Protection (PDPA) Act provides a baseline standard for protecting personal data. The act comprises various requirements governing the collection, storage, use, and disclosure of personal data in Singapore. All companies in Singapore must follow the data protection act and conduct security audits to ensure the safety of their financial data.
Internal Security Controls
Companies in Singapore must undertake several internal security controls to ensure data privacy while filing XBRL reports with ACRA. These internal security controls are as follows:
- Infrastructure: To ensure data privacy, organisations must restrict unauthorised physical access to their premises and information. Every access point to the premises should be operated with authentication methods, such as biometrics, gate pass, 24×7 security guards, and CCTV surveillance.
- Network and Hardware: To ensure data privacy, ACRA recommends securing the network at the gateway level with IPS, IDS, Anti-malware, or Gateway Anti-virus. You should grant wireless access to the data only to a limited number of permitted devices.
- Software Licenses: You should procure all software licenses and computing equipment from a recognised vendor.
- Clean Desk: The service delivery zone should be kept paper-free, eliminating the possibility of sensitive information getting into the hands of an unauthorised person. However, if paper use is inevitable, the papers should be shredded before being discarded.
- Workstation: Removable storage media, such as CDs/DVDs or USBs, should be strictly prohibited around the workstation. Furthermore, data storage in the central area and access to external websites or portals should also be restricted.
- Storage, Backup, and Recovery: All financial data of the company should be stored on an internally located server. The data should be backed daily by a scheduler. Backup and recovery of data are essential for the continuity of services.
DataTracks: Helping You Prepare Error-Free XBRL Reports While Protecting Your Data
DataTracks has made its mark as the global leader in disclosure management due to its accuracy of reports and the security of client data. The security practices, policies, and infrastructure of DataTracks complies with ISO 27001:2013. If you outsource your XBRL requirements to DataTracks, you can rest assured that your financial information will be safely stored on their internally located server.
The experts at DataTracks have 18+ years of experience in preparing error-free compliance reports. They have successfully prepared more than 348,000 compliance reports for 23,400+ clients. Talk to a DataTracks professional at +65-31-582-850 or email enquiry@datatracks.com.sg TODAY!