COI Report – Part II Page 42 of 425

12.2 Cluster-level platforms for SingHealth

119. For the SingHealth Cluster, there are four Board-level committees that have oversight of IT security matters for SingHealth.
(a) First, SingHealth Board. The SingHealth Board receives summaries of the discussions in Board committees, and if necessary, key matters are escalated to the Board for attention or decision. The Board meets quarterly.

(b) Second, the IT Committee (“ITC”), comprising Board members and co-opted members from external institutions who have IT expertise. Senior management representatives from SingHealth, such as GCEO Prof. Ivy, Dy GCEO Prof. Kenneth and Group Chief Information Officer (“GCIO”) Benedict Tan (“Benedict”), attend ITC meetings, which are held two to three times a year. The terms of reference of the ITC include reviewing IT security, providing oversight and direction on IT infrastructure development and making recommendations to the Board on Cluster IT development policies, plans and issues.
(c) Where audits and key risks relate to cybersecurity matters, these are also deliberated by the Audit Committee (“AC”) and the Risk Oversight Committee (“ROC”). GCEO Prof. Ivy also attends the AC and ROC meetings, which are held two to three times a year. On an annual basis, the MOHH Group Internal Audit team (“GIA”) identifies and prioritises the key risk areas (including for cybersecurity) together with input from SingHealth management, and comes up with the annual audit plan for the AC's review and approval.

(d) At SingHealth management-level, the Cluster IT Council (“CITC”) is the overall governing body for IT across the SingHealth Cluster. The CITC reports to the ITC. The CITC is chaired by GCEO Prof.