Security Collaboration Platform

Integrate multiple security systems into one unified interface by connecting' visitor management, incident tracking, and video surveillance, enabling centralised monitoring, intelligent response coordination, and streamlined security operations management.

Instructions

• This page helps you prepare "Solution Requirements" section in Vendor Management Portal and you will see the exact questions and flow.

• 🔴 Mandatory questions: Must answer "Yes" to continue

• 🟡 Preferred questions: Can answer either way and continue

• Follow the question flow as indicated

Q1 🔴 Mandatory - Cloud and Multi-Device Accessibility

Main Question: Does your solution allow for cloud-based, mobile-based, and/or web-based usage?

🔴 Answer: ○ Yes [Next: Q2] ○ No [⚠️ Cannot Proceed]

Q2 🔴 Mandatory - Integrated Security Operations

Main Question: Does your solution collaborate with at least three of the following components to enable visualisation, sense-making, intelligent responses, and streamline security operations:

Component Options: a. Virtual Patrol, such as setting up virtual patrol routes scheduled to run at specified fixed timing, etc. b. Video Analytics, such as providing Intrusion Detection Module, Camera Tampering Module, Loitering Detection Module, etc. c. Video management system, such as managing camera feeds, recording, playback, display, remote viewing, searching for specific incidents within video archive via parameters (e.g. area of interest, object height, colour, direction of motion), etc. d. Car park management system, such as Licence Plate Recognition (LPR), monitoring occupancy with parking sensors and cameras, providing real-time data on available parking spaces, etc. e. Visitor Management system, such as capturing detailed visitor information e.g. name, partial identification number, photo and other forms of biometric data and/or issuing of visitor pass for access to the organisation's premise, etc. f. Access control, such as using access cards, mobile applications, biometric, etc.

🔴 Answer: ○ Yes [Next: Q3] ○ No [⚠️ Cannot Proceed]

Q3 🔴 Mandatory - Security Workflow Automation

Main Question: Does your solution organise and automate security workflows from a unified perspective and enable informed decision-making (e.g. Incident Management)?

🔴 Answer: ○ Yes [Next: Q4] ○ No [⚠️ Cannot Proceed]

Q4 🔴 Mandatory - Incident Reporting

Main Question: Does your solution provide automated reporting capabilities to generate user-friendly and actionable reports, such as security incident reports and management reports (e.g. key metrics reports and charts with clear overview of security incident and parameters)?

🔴 Answer: ○ Yes [Next: Q5] ○ No [⚠️ Cannot Proceed]

Q5 🔴 Mandatory - Cluster Remote Surveillance

Main Question: Does your solution allow remote surveillance of multiple sites or a cluster of sites?

🔴 Answer: ○ Yes [Next: Q6] ○ No [⚠️ Cannot Proceed]

Q6 🔴 Mandatory - Real-time Security Monitoring

Main Question: Does your solution include real-time monitoring, alert, and notification with mitigation and SOP actions that keep users informed during any events, incident, issues, or emergency?

🔴 Answer: ○ Yes [Next: Q7] ○ No [⚠️ Cannot Proceed]

Q7 🔴 Mandatory - System Integration and Connectivity

Main Question: Does your solution demonstrate the capability to seamlessly interoperate and integrate with existing or new systems, including surveillance cameras, IoT devices, and sensors?

🔴 Answer: ○ Yes [Next: Q8] ○ No [⚠️ Cannot Proceed]

Q8 🔴 Mandatory - Open API support

Main Question: Does your solution provide APIs for sharing information with external platforms or solutions, and allow users to migrate and archive their data?

🔴 Answer: ○ Yes [Next: Q9] ○ No [⚠️ Cannot Proceed]

Q9 🟡 Preferred - Customer Opt-In or Opt-Out

Main Question: Does your solution allow customers the flexibility to opt-in or opt-out of the integrated security monitoring components?

🟡 Answer: ○ Yes [Next: Q10] ○ No [Next: Q10]

Q10 🟡 Preferred - 3D Building Visualisation Capabilities

Main Question: Does your solution support 3D building layout map or visualisation?

🟡 Answer: ○ Yes [Next: Q11] ○ No [Next: Q11]

Q11 🟡 Preferred - Maintenance Request

Main Question: Does your solution allow ad hoc or scheduled notifications for users to initiate repairs or maintenance?

🟡 Answer: ○ Yes [Next: Q12] ○ No [Next: Q12]

Q12 🔴 Mandatory - Dashboards and Reports

Main Question: Can your solution provide dashboards and reporting capabilities to track key metrics, user interactions, operational performance, or other relevant data insights across your digital solution?

Dashboard Requirements: Your digital solution should have one or more dashboards that provide an at-a-glance overview of key metrics/indicators with at least 4 charts/graphs to help users analyse data through data visualisation.

Interactive Features: The dashboard must include at least one of the following interactive features:

• Option 1: Interactive charts/graphs that allow users to interact with one chart and apply that interaction as a filter to other charts on the dashboard, and vice versa

• Option 2: At least three common filters/slicers applicable to ALL charts/graphs on the same dashboard

🔴 Answer: ○ Yes [Next: Q13] ○ No [⚠️ Cannot Proceed]

Q13 🟡 Preferred - AI Features

Main Question: Does your solution incorporate AI in your core features and functions?

🟡 Answer: ○ Yes [Next: Q14] ○ No [Next: Q15]

--

Q14 🔴 Mandatory Follow-up - AI Features - Elaboration

This question appears only if you answered "Yes" to Q13

Main Question: Describe your AI feature and its benefits. Examples are:

AI Feature Examples: a. Generate output, identify items, or provide recommendations based on training models to improve decision-making b. Recognise text, images to shorten time taken for manual inputs of forms c. Others, please specify

Click "Yes" to confirm you have completed the instructions.

🔴 Answer: ○ Yes [Next: Q15] ○ No [⚠️ Cannot Proceed]

Text Elaboration Required: [Text Box for Description/Details]

Q15 🔴 Mandatory - Business Data Extraction

Main Question: Can your solution enable SMEs to efficiently extract business data in various discrete formats such as CSV, XLSX, XML, and TSV?

🔴 Answer: ○ Yes [Next: Q16] ○ No [⚠️ Cannot Proceed]

Q16 🔴 Mandatory - Personal Data Protection

Main Question: Can your solution demonstrate compliance with the following Personal Data Protection requirements?

Compliance Requirements: Digital solutions that collect, use, disclose, process or dispose personal data should incorporate features that support the obligations under the Personal Data Protection Act (2020).

To comply with this requirement, you MUST complete the Personal Data Protection Requirements form at https://go.gov.sg/pdp.

🔴 Answer: ○ Yes [Next: Q17] ○ No [⚠️ Cannot Proceed]

Q17 🔴 Mandatory - Vulnerability Assessment/Penetration Testing (VA/PT)

Main Question: Has your solution undergone a comprehensive security vulnerability assessment/penetration testing (VA/PT) conducted by a qualified third-party within the last 12 months?

Scope Requirements: The scope of the VA/PT must cover network security; application security; data protection measures and access control (if applicable); API security testing (if applicable); Cloud security configuration review (if applicable). Specifically, for web application security, the scope must cover minimally all OWASP Top 10 vulnerabilities.

Submission Requirements: Please submit the VA/PT report (dated maximum 1 year from the checklist submission date). The VA/PT Report must include Executive summary; Detailed findings and risk ratings; Remediation recommendations; Evidence of vulnerability fixes or mitigation plans; Testing methodology used; Scope of assessment; Assessor's qualifications and certifications.

If you are the reseller of the solution, please obtain the VA/PT report from your product principal. SOC 2 Type II report can be accepted if the detailed technical vulnerability assessment results are part of the SOC2 Type II scope.

Note: [1] Qualified third-party refers to: CREST-certified companies [ https://www.crest-approved.org/members/] or companies with security professional with relevant CREST certifications; Security professionals with recognised certifications such as: Offensive Security Certified Professional (OSCP); EC-Council Certified Penetration Testing Professional (CPENT); GIAC Penetration Tester (GPEN); or other equivalent industry-recognised certifications.

Click "Yes" to confirm you have completed the instructions.

🔴 Answer: ○ Yes [Next: Q18] ○ No [⚠️ Cannot Proceed]

Date of Issue Required: [Date Field]

Upload Supporting Document Required: [File Upload]

Q18 🟡 Preferred - Cybersecurity Compliance - Cyber Essentials Mark (CEM)

Main Question: Are you the Product Principal of the solution that you are submitting for pre-approval?

🟡 Answer: ○ Yes [Next: Q19] ○ No [Next: Q21]

Q19 🟡 Preferred - CEM for Product Principal

Main Question: Has your organisation achieved CSA Cyber Essentials for ICT Vendor Mark certification or equivalent recognised cybersecurity certifications (including but not limited to Cyber Trust Mark or ISO27001) that validate the implementation of appropriate security controls against common cyber threats in your organisation and the solution you are submitting for pre-approval?

Additional Information: Vendors are encouraged to comply at application and are required to meet this requirement by the Annual Review, where it will be assessed as mandatory.

Note: For more information on Cyber Essentials mark, please refer to https://www.csa.gov.sg/cyber-essentials/

🟡 Answer: ○ Yes [Next: Q20] ○ No [Assessment Finished]

--

Q20 🔴 Mandatory Follow-up - CEM for Product Principal - Elaboration

This question appears only if you answered "Yes" to Q19

Main Question: Please specify the following information: i. The certificate demonstrating your organisation has attained Cyber Essentials for ICT Vendors ii. The cybersecurity certification the organisation has met iii. The scope of the certification

Please also upload a copy of the Certification and indicate the Certification Issuance Date in the date field.

Click "Yes" to confirm you have completed the instructions.

🔴 Answer: ○ Yes [Assessment Finished] ○ No [⚠️ Cannot Proceed]

Text Elaboration Required: [Text Box for Description/Details]

Date of Issue Required: [Date Field]

Upload Supporting Document Required: [File Upload]

Q21 🟡 Preferred - CEM for Resellers

Main Question: Has your organisation achieved CSA Cyber Essentials Mark certification or equivalent recognised cybersecurity certifications (including but not limited to Cyber Trust Mark or ISO27001) that validate the implementation of appropriate security controls against common cyber threats in your organisation and the solution you are submitting for pre-approval?

Additional Information: Vendors are encouraged to comply at application and are required to meet this requirement by the Annual Review, where it will be assessed as mandatory.

Note: For more information on Cyber Essentials mark, please refer to https://www.csa.gov.sg/cyber-essentials/

🟡 Answer: ○ Yes [Next: Q22] ○ No [Assessment Finished]

--

Q22 🔴 Mandatory Follow-up - CEM for Resellers - Elaboration

This question appears only if you answered "Yes" to Q21

Main Question: Please specify the following information: i. The cybersecurity certification the organisation has met ii. The scope of the certification

Please also upload a copy of the Certification and indicate the Certification Issuance Date in the date field.

Click "Yes" to confirm you have completed the instructions.

🔴 Answer: ○ Yes [Assessment Finished] ○ No [⚠️ Cannot Proceed]

Text Elaboration Required: [Text Box for Description/Details]

Date of Issue Required: [Date Field]

Upload Supporting Document Required: [File Upload]