Overview
Technological disruptions and evolutions have drastically changed global industries, markets, and our way of life. To support Singapore’s ambition to build a Smart Nation, the Government has accelerated its digital transformation efforts to improve service delivery, operations, and policy-making through the use of technology in a secure and cost-effective manner.
The Instruction Manual for ICT&SS Management (Also known as IM8) seeks to support agencies as they adopt ICT&SS to enable their digital transformation. It provides guidance on best-in-class practices to uplift agencies’ ICT capabilities, including a mix of ‘what’ and ‘how’ requirements with the risk areas based on their System Criticality, Security, and Sensitivity Classification.
To maintain relevance in the face of the exponential rate of change in technological applications and practices, the Instruction Manual for ICT&SS Management actively engages agencies to solicit their views, and uses international standards and practices as a benchmark.
In our continuous effort to foster a vibrant environment for innovation, we have embarked on Singapore Government ICT & SS Policy Reform. More detail is available here.
Awards and Recognitions
In 2021, the Instruction Manual for ICT&SS Management was awarded the Agile Governance through Digitalisation award in the Administration category of the IDC Smart City Asia Pacific Awards (SCAPA).
Objective
The Instruction Manual for ICT&SS Management supports agencies to deliver fit-for-purpose, secure, and cost-effective solutions/services through:
- Ensuring good governance of ICT&SS and balancing the need for standardisation with affording flexibility for customisation.
- Providing guidance on the use of technology and best-in-class practices while ensuring tiered risk mitigation, for the Government to be “digital-to-the-core”.
- Enabling the acquisition, fusion, access, distribution, exploitation, and protection of data across agencies to achieve a government that is “data-driven to the core”.
Scope
The Instruction Manual for ICT&SS Management covers a wide range of domains. Some examples include the Digital Service Standards (DSS), Third Party Management (TPM), and Data.
Digital Service Standards (DSS)
DSS enables agencies to implement their digital services to meet the Digital Government Blueprint (DGB) goal of delivering digital services that are easy, seamless and relevant for our citizens and businesses. It is important that all our public facing digital services meet the DSS, so that our citizens and businesses can use consistently good services across the government.
The design principles of the DSS include:
-
Intuitive Design and Usability: As the government’s digital ‘shopfront’, our digital services must be well designed so that citizens and businesses can interact and transact with us digitally in an intuitive and easy to use manner.
-
Accessibility and Inclusivity: Government digital services must be designed to benefit all population segments, including persons with disabilities. We embrace the international accessibility standard, Web Content Accessibility Standards (WCAG), and is also aligned with local standard, SS618: Guidelines on User Interface Design for Older Adults.
-
Relevance and Consistency: Our digital services must be relevant to the needs of our citizens and businesses, and provide a consistent experience across the government. They shall carry a ‘branding’ that uniquely identifies them as government digital services, in keeping with the ethos of one public service.
Third Party Management (TPM)
The TPM domain provides the requirements for the evaluation and selection, contracting and onboarding service management and exit management of Third Parties like vendors, including standard ICT contract templates for agencies to use. This ensures that agencies have oversight over Third Parties to make sure that associated security, data, and project risks in engaging them are adequately managed. The TPM is organised based on the lifecycle stages, such as:
- Evaluating and Selection, which includes identifying, assessing, prioritising, and mitigating the risks of outsourcing to Third Parties.
- Contracting and Onboarding, which includes establishing contracts or equivalent instruments with the necessary controls and governance requirements, as well as onboarding of Third Parties like personnel security clearance/briefing.
- Service Management, which includes oversight to ensure associated risks are identified and managed by maintaining a register, establishing governance structure to monitor and review the Third Party’s compliance and performance feedback, and conducting compliance audits/checks like self-assessment by Third Parties.
- Transition Out, which includes developing exit management plans and conducting exit audits/checks.
Data
The Data Domain Group, encompassing data governance, architecture, protection, sharing and storage, aims to ensure that agencies put in place effective data management practices to utilise and safeguard data in all stages of its lifecycle. This sets out the requirements for the access and distribution, and exploitation of data, which is necessary for sharing of data, organised into the following domains:
- Data Classification, which includes the Security Classification Framework where agencies are to classify data based on damage to agency’s interests/national interests/national security due to unauthorised disclosure of data, and the Information Sensitivity Framework where agencies are to classify data based on potential impact to the individual/entity due to authorised disclosure of data.
- Data Protection (Data Security) which refers to the process of protecting the confidentiality, integrity, and availability of data, where agencies shall use the Data Security Risk Assessment Methodology to assess the data security risk, and adopt a risk based approach to protect data. This ensures that there is a consistent WOG approach to protecting data and ensuring that the appropriate level of security is implemented.
- Data Acquisition, which includes Data Minimisation where agencies are not to collect data in excess to minimise the risks due to unauthorised use and disclosure; use of WOG Data Platforms to obtain data for their use cases; maintain good Data Quality by ensuring that data is accurate, consistent, timely, relevant and complete; ensure Data Discoverability by maintaining accurate metadata and making these available for search is a key way to make data discoverable; and comply with Data Storage and Retention Requirements by retaining data only for the period necessary for the fulfilment of the purposes.
- Data Processing and Fusion, which includes minimising errors arising from data processing, such as coding errors, data entry errors, computation errors, and minimising the risk of unauthorised re-identification of individuals or entities through fusion or integration of de-identified datasets.
- Data Access and Distribution, where agencies are to abide with the grounds for disclosure data such as authorised by law or required by order of court, necessary in the public interest, express consent or deemed consent.
Target Audience and Adoption Criteria
All Government Ministries, Organs of State, Departments, and Statutory Boards are to comply with the Instruction Manual for ICT&SS Management, incorporate the requirements into tender specifications, and work with developers and vendors to implement the requirements in the system.
Resources and Templates
Case Studies
LifeSG, which is a platform for over 70 digital services provided by more than 40 agencies, is an example that has benefited from the Instruction Manual for ICT&SS Management. LifeSG complies with the Digital Service Standard (DSS), which involves taking a citizen-centric approach when implementing digital services.
LifeSG was initially conceptualised as Moments of Life in June 2017, and it aimed to be a platform for residents to access digital services during various stages of their lives. When LifeSG was first released in June 2018, the focus was on supporting digital services for the beginning of one’s life journey, such as birth registrations, access to a baby’s immunisation records, applications for the Baby Bonus Scheme, and more. Since then, LifeSG has been enhanced to support other critical moments of life, such as ageing and caregiving. Today, LifeSG provides residents access to a suite of digital services that covers critical moments of life, from cradle to grave.
Contact Information
For enquiries, contact info@tech.gov.sg.
Disclaimer: This page does not set out the full set of compliance requirements under the Instruction Manual (“IM”) for ICT&SS Management. Please approach your agency’s intranet resources for more information on the IM for ICT&SS Management.
Last updated 13 May 2024
Thanks for letting us know that this page is useful for you!
If you've got a moment, please tell us what we did right so that we can do more of it.
Did this page help you? - No
Thanks for letting us know that this page still needs work to be done.
If you've got a moment, please tell us how we can make this page better.