We can help with SG Cyber Safe Certification

STACS x Privasec

#Client4Life Featured Case Study

From Information Security To Data Privacy,

Privasec is humbled and grateful to be the trusted cybersecurity partner, supporting STACS in their standards adoption journey of ISO 27001 Certification in 2022 and Data Protection Trustmark (DPTM) Certification in 2023.


Recognising the importance of information security and data privacy in today’s digital landscape, STACS’s commitment to staying ahead in control governance and proactively adopting the latest standards and best practices has been commendable. It is our honour to provide our expertise and guidance to help STACS achieve their goals. Thank you STACS for the successful, collaborative partnership and trust that your team has placed in Privasec with these engagements. We will remain dedicated to supporting STACS’s ongoing efforts to maintain the highest standards of security.

STACS is Asia’s leading ESG data and technology company, headquartered in Singapore. Its flagship ESGpedia platform powers the Monetary Authority of Singapore’s (MAS) Greenprint ESG Registry, ASEAN Single Accesspoint for ESG Data (SAFE) pilot initiative, and ESCAP Sustainable Business Network (ESBN) Asia-Pacific Green Deal digital assessment.

ESGpedia is a one-stop ESG data registry, providing ESG data across multiple industries, as well as digital solutions for global financial institutions, corporates, and SMEs to attain their ESG goals. As the largest ESG data registry in Asia with use cases across various sectors, the platform hosts over 5 million and growing sustainability data points, with comprehensive global company coverage harmonised and standardized by its artificial intelligence powered engine.

Managing such an extensive volume of companies’ ESG data ranging from certifications, credentials, to disclosures fundamentally requires a reliable information security management system and accountable data protection practices.  

Understanding the significance of a robust security framework and compliance with international standards, STACS has embarked on a standards adoption journey to continuously improve its organisation’s security posture. 

Also, with global institutional partners from the financial and non-financial sectors, the internationally recognised ISO Certifications were natural milestones in STACS’s journey towards scaling up globally.

In 2022, STACS has attained the ISO Certifications, ISO 27001 and ISO 23301 for Information Security Management System and Business Continuity Management System respectively. And in 2023, they achieved the Data Protection Trustmark (DPTM) Certification which demonstrates STACS’s commitment to upholding the highest standards of data privacy and security for their clients and stakeholders.

Our engagement with Privasec has been nothing short of exceptional!
From the very beginning, Privasec proved to be a reliable and dedicated partner. The collaboration has been marked by open communication, proactive guidance, and a shared commitment to achieving our security goals. Privasec's team has gone above and beyond, leveraging their expertise to help us implement robust data protection measures and navigate complex compliance requirements. We value their professionalism, expertise, and ongoing support throughout our engagement.

The Engagement

Recognising the importance of information security and ensuring compliance with international security standards, STACS first engaged Privasec for ISO 27001 certification. Through the engagement, STACS successfully implemented a robust Information Security Management System (ISMS) certified to the ISO 27001 standard, establishing a solid information security management foundation.

As STACS decided to pursue the Data Protection Trust Mark certification, it was a natural progression to engage Privasec again. With existing understanding of their internal controls and environments, our consultants ensured a seamless transition and alignment with the existing ISMS as STACS certify to the Data Protection Trustmark Certification. 

Key Takeaways

Enhanced Security Posture To Ensure Information Security and Data Privacy
Compliance & Security Assurance To The Stakeholders
Robust Governance Framework To Support Continuous Growth

ISO 27001 Certification with privasec

As a start, STACS engaged Privasec for the ISO 27001 Certification, an internationally recognised Information Security Management System standard. And within four months, STACS established a robust ISMS certified to the ISO 27001 Standards, which significantly elevated its security posture and implemented proper security controls according to its risk profile. This certification validated STACS’s commitment to maintaining the confidentiality, integrity, and availability of information assets on its ESGpedia platform, enabling enhanced ESG finance. 

Building on this foundation, STACS attained the ISO 22301:2019 certification – Business Continuity Management System for the provision of its blockchain infrastructure platform, where they went through an extensive audit of their organisation’s business continuity practices. 

Data Protection Trustmark (DPTM) Certifcation with privasec

With the increasing importance of data protection in today’s digital landscape, STACS recognises the need to prioritise data privacy alongside information security and business continuity. Hence, to ensure readiness and demonstrate their commitment to robust data protection services, STACS pursued the Data Protection Trustmark Certification.

Leveraging Privasec’s expertise and existing knowledge of the controls and internal environment, STACS successfully implemented robust data protection strategies and was awarded the DPTM Certification by IMDA. This certification positions STACS as a trusted service provider, having implemented the necessary measures to protect customer data and maintain data privacy.

A Mark of excellence

The DPTM Certification provides STACS with a competitive advantage over others, assuring the relevant stakeholders of the secure and responsible handling of their personal data. Through this engagement, STACS establishes a robust data protection framework aligned with data protection regulations such as EU General Data Protection Regulations (GDPR) and Singapore Personal Data Protection Act (PDPA). Covering various data management, protection and governance areas, the implementation of DPTM enhances regulatory compliance and reduces the risk of data breaches. 


Building on trust, growth and shared goals, the partnership between Privasec and STACS exemplifies our #Client4Life relationship. By assisting STACS in attaining their DPTM and ISO 27001 certifications, they have solidified their commitment to safeguarding customer data and ensuring compliance with international security standards. Not only has this successful collaboration provided STACS with security assurance, a competitive advantage, and a robust security posture, it positioned STACS as a trusted and reliable provider in the market.

It is with this elevated trust and reliability that STACS continues enhancing its ESGpedia platform to deepen its capabilities in data and AI, and meet the evolving needs of users by expanding its suite of data-driven solutions, to empower sectors across Asia towards Net Zero.

Privasec is honoured to have supported STACS in this journey, and we look forward to continuing the partnership, supporting the ongoing compliance efforts, and helping STACS navigate the ever-evolving cybersecurity landscape. Together, we can achieve greater heights and milestones!

Our Credentials

Related Posts:
Scroll to Top