ISO 27001
ISO/IEC 27001 provides requirements for organizations seeking to establish, implement, maintain and continually improve an information security management system. This framework serves as a guideline towards continually reviewing the safety of your information, which will exemplify reliability and add value to services of your organization.
Tiger Brokers' achievement of ISO/IEC 27001 certification demonstrates the company's commitment to keeping its promises to customers in terms of business and security compliance.
ISO 27701
ISO/IEC 27701 is an international standard that specifies requirements and provides guidance for establishing, implementing, maintaining and continuously improving a privacy information management system (PIMS). It extends ISO/IEC 27001 to specifically address privacy and the protection of personally identifiable information (PII), making it highly relevant for organisations acting as PII controllers or processors.
ISO 27018
ISO adopted the first international cloud privacy code of conduct, ISO/IEC 27018 (an annex to ISO/IEC 27001), in 2014. The standard is based on EU data protection law and provides specific guidance for cloud service providers (CSPs) acting as personal information (PII) processors on how to assess risks and implement advanced controls to protect PII.
ISO 29151
ISO 29151, also known as the Information Security Standard, is a globally recognised standard that provides guidelines for protecting personally identifiable information (PII) in information technology. This standard is part of the ISO/IEC 27000 family, a series of international standards for information security management systems. The primary focus of ISO 29151 is to establish controls and guidelines that organisations can implement to manage privacy risks related to the processing of PII.
ISO 20000
ISO/IEC 20000 is the international ITSM (IT service management) standard. It enables IT departments to ensure that their ITSM processes are aligned with the business’s needs and international best practices.
The ISO 20000 standard helps organisations benchmark how they deliver managed services, measure service levels, and assess their performance.
Obtaining ISO/IEC 20000 certification indicates that Tiger Brokers has implemented standardised IT service management procedures to provide efficient and reliable IT services and regularly monitor, review and improve them. This certification helps organisations demonstrate to their customers that their service requirements will be met.
ISO 9001
ISO 9001 is a globally recognized standard for quality management. It helps organizations of all sizes and sectors to improve their performance, meet customer expectations and demonstrate their commitment to quality. Its requirements define how to establish, implement, maintain, and continually improve a quality management system (QMS).
Implementing ISO 9001 means your organization has put in place effective processes and trained staff to deliver flawless products or services time after time.
OSPAR
Tiger Brokers achieved the Singapore Outsourced Service Provider’s Audit Report (OSPAR) attestation. Tiger Brokers’ alignment with the Association of Banks in Singapore (ABS) Guidelines on Control Objectives and Procedures for Outsourced Service Providers (ABS Guidelines) demonstrates to customers AWS’ commitment to meeting the high expectations for cloud service providers set by the financial services industry in Singapore.
The ABS Guidelines recommend that Singapore banks select outsourced service providers that meet the controls set out in the ABS Guidelines, which can be demonstrated through an OSPAR. An OSPAR attestation involves an external audit of the service provider’s controls against the criteria specified in the ABS Guidelines.
NIST CSF
The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of high-level cybersecurity outcomes that can be used by any organization — regardless of its size, sector, or maturity — to better understand, assess, prioritize, and communicate its cybersecurity efforts. The CSF does not prescribe how outcomes should be achieved. Rather, it links to online resources that provide additional guidance on practices and controls that could be used to achieve those outcomes.