Governance


As one of Singapore’s Critical Information Infrastructure Operators, we are committed to maintaining the highest level of cybersecurity and data protection over our systems.  

To fortify our cyber resilience and guard against potential cyberattacks and breaches, we have developed a wide range of cybersecurity capabilities in alignment with the Singapore Cybersecurity Act, the LTA’s Rapid Transit Systems Act and the US National Institute for Standard and Technology Framework. We also conduct peer reviews on the best information technology and operational technology practices across the industry and adopted them to suit our businesses and operations.

We have an effective cybersecurity governance framework, with a clear delineation of roles and responsibilities for cybersecurity policy and system lifecycle management. The implementation of this robust cybersecurity governance framework has fostered accountability for cybersecurity throughout the company, enabling SMRT to effectively manage cybersecurity risks and respond promptly to emerging cyber threats.

To heighten our peoples’ cybersecurity awareness, our outreach efforts include e-learning programmes, webinars, learning opportunities from case studies and learning journeys to other organisations to exchange ideas and learn from their best practices. We also work with like-minded security partners to strengthen our cybersecurity posture.


Our cybersecurity team also conducts a range of activities to regularly engage our people on the importance of remaining vigilant and aware of potential cybersecurity threats. This includes simulated phishing exercises, accessible cybersecurity e-learning resources and delivered training, promotion of cybersecurity content and quizzes.

To build a more data-driven and digital SMRT, our STRIDES Engineering's newly established Data Office spearheads initiatives in data analytics, governance, and digital capabilities enhancement. With over 40 successful projects completed, spanning digitalisation, data analytics, and condition monitoring, our efforts encompass various sectors including rail operations, maintenance, electric mobility, customer insights, and corporate efficiency enhancement.

In SMRT, we have a Data Protection Office that oversees personal data protection responsibilities and ensure compliance with the Personal Data Protection Act (“PDPA”). We also have Data Protection Associates in each of our business units, that assist in ensuring our work processes and functions have robust data protection practices in place, to ensure that we handle personal data in a responsible manner.