How Secure Is WACCFINDER?

WACCFINDER is certified by the Singapore government.

WACCFINDER carries the Cyber Essentials mark issued by Cyber Security Agency of Singapore.

The Cyber Essentials mark is published as Singapore Standardisation Programme, Technical Reference 106 (TR 106).

You can get a copy of TR 106:2022 “Tiered cybersecurity standards for enterprises” here: TR 106:2022 "Tiered cybersecurity standards for enterprises"

Customer Identify and Access Management (CIAM)

  • All accounts are secured with two-factor authentication (2FA).
  • Email and mobile phone logins are authenticated.

Data Protection Obligations

  • User data including consents, preferences, and user data is stored in an auditable fashion.
  • All user data is encrypted in motion and at rest.
  • Access logs provide transparency and accountability for user actions.

Data Subject Access Rights

WACCFINDER allows individuals to access, edit, and request information about their personal data.

Right to Rectification

Users can edit data records anytime, and all rectification activities are logged for audit purposes.

Right to Erase or Delete Personal Data ("Right to Be Forgotten")

Users can request the deletion of personal data, and all actions are logged for audit purposes.

Data Portability

Users can request a download of their calculations.

Vendor Risk Management

  • Strong user authentication and protection mechanisms are employed against network-based threats.
  • Web application firewall secures all operations.
  • VPN service provider is certified compliant with ISO 27001:2013, ISO 27018:2014, SOC 2 Type 2, HIPAA/HITECH, and EU-US Privacy Shield Framework.

Organization’s Accountability

WACCFINDER maintains fine-grained role- and attribute-based access controls and logs for evidence of data access.

Data Residency and Transfer

VPN service provider offers various data residency settings to comply with country-specific regulations.

For example:

  • No encryption at rest for personal identifiable information stored in China.
  • Data hosting and storage in Russia with secondary storage in the European Union.