Information Security Policy

Covered Services

This document delineates the administrative, technical, and physical controls applicable to the array of services offered by 3Pro Solutions, collectively termed the “Services.”

Architecture and Data Processing

3Pro Solutions’ Services operate within a secure, multi-tenant architecture, designed to limit access to Client Data strictly based on business necessity. Our system architecture ensures effective data separation for various clients through:

• Physical separation for clients utilizing dedicated tenancies.
• Logical separation in shared tenancies via unique “Client IDs” and “Project IDs,” complemented by role-based access controls.

Personal Data Processed

The Services may process various Personal Data, which can include:

• Identifiers such as full name, email, ID number, age, gender, job title, and company details.
• Visual data captured during service usage, including images or videos.
• Facial recognition data and identification documents.

Business Data Processed

In addition to Personal Data, the Services might process:

• Digital identifiers like IP addresses and login details.
• Infrastructure configurations, secrets, and educational or examination schedules.

Retrieval of Client Data

Upon a termination request from a client, 3Pro Solutions commits to providing a downloadable file of Client Data in a recognised format, free of charge, for thirty (30) days following the agreement’s conclusion. Beyond this period, 3Pro Solutions reserves the right to delete all Client Data, following legal obligations.

Information Security Management Program (ISMP)

3Pro Solutions maintains an ISMP with safeguards befitting our business size and the sensitivity of the information we process, emphasising the security and confidential treatment of Client Data. This program is routinely revised to stay abreast of evolving practices and standards.

Assigned Security Responsibility

A designated security official at 3Pro Solutions is charged with overseeing the ISMP’s development, execution, and maintenance.

Relationship with Sub-processors

3Pro Solutions ensures that all Sub-processors engaged in the handling of Client Data adhere to our stringent security standards.

Hiring

Every employee at 3Pro Solutions undergoes thorough vetting and is required to commit to confidentiality regarding Personal Data handling.

Access Controls

Robust access control policies are enforced to limit information system access to authorised personnel only, with timely revocation of access as necessary.

Data Integrity and Management

3Pro Solutions encrypts data transmissions within our Services using standard secure methods. We prioritise working with Data Hosting providers renowned for their security measures.

Incident Management

An incident response plan outlines the steps to be taken in the event of any unauthorised disclosure of Client Data, focusing on immediate notification, investigation, and remediation efforts.

Security Breach Management

Should a security breach occur, 3Pro Solutions pledges to notify affected clients promptly, in compliance with the Personal Data Protection Act (PDPA). Our response plan includes regular updates on the breach and its remediation, with 3Pro Solutions’ Data Protection Officer (DPO) serving as the primary contact for such matters.

Data Protection Officer (DPO) Contact Details:

• Name: Mohamed Rabeek Ravuthar
• Email: rafiq@3prosolutions.com
• Contact Number: +65 84997151

3Pro Solutions commits to cooperating with affected clients in addressing the breach, including fulfilling our obligations to notify the Personal Data Protection Commission (PDPC) as required under the PDPA.