COI Report – Part II
Page
28 of
425 (b) Working with MOHH’s Group Internal Audit team (“
GIA”) in connection with yearly internal audits on SingHealth's IT systems. c) Ensuring that SingHealth's IT enterprise programs remain aligned
with security requirements, ensuring compliance with prevailing security policies and standards, and overseeing SingHealth's IT risk assessment.
74. The SingHealth GCIO is supported
by the SingHealth GCIO office, which comprises about 50 staff, who are mostly IT directors from SingHealth's PHIs and domain or business analysts.
75.
SingHealth GCIO Benedict is assisted by Cluster ISO Wee Jia Huo
(“
Wee”) in fulfilling his responsibility for cybersecurity in SingHealth. Wee is the only staff in the SingHealth GCIO office who has a
portfolio specific to security, with no officers reporting to him. For cybersecurity matters, the GCIO office (including Wee) works collaboratively with IHiS CSG and IHiS Delivery Group. The SingHealth GCIO office is reliant on IHiS delivery group for both technical implementation of cybersecurity measures and compliance with cybersecurity policy and procedure.
76. The SingHealth Cluster ISO’s roles and responsibilities include a) Working on IT risk assessment (see section 12.3.2 (pg 44) below b) Liaising with internal auditors GIA and on followup on any audit findings or observations c) Being part of the security incident response and reporting process see paragraph a) (pg 38) below and d) Assisting GCIO in raising end-user
awareness of IT security in SingHealth.
