top of page
DPEX Network Main Image (TBD) (1).jpg
GRCP Banner Image.png

GRC Professional Training (GRCP)

Duration: 3 Days

DAY 1 - 03-Jun-2024

DAY 2 - 04-Jun-2024

DAY 3 - 05-Jun-2024

Course Fees before funding:

SGD 3924.00

Including 8% GST WEF 01 Jan 2023

Training Partners:


Contact: 6974 8949 | 6920 5462


Ideal For

  • Internal auditors

  • Compliance professionals

  • Governance professionals

  • Risk management professionals

  • GRC professionals

  • Legal professionals

  • IT professionals dealing with GRC

  • Managers responsible for GRC activities

  • Executives and board members

Watch our course trailer video here:


The GRC Professional Training Course is a first-of-its-kind course in Singapore. Under license from the Open Compliance & Ethics Group (OCEG), the course helps individuals develop a core understanding and skills to integrate governance, risk management and compliance in one capability.

The three-day course comprises:

  • a hands-on workshop with practical cases studies

  • real life example exercises while incorporating world-wide best practices

  • a project on the design of an integrated GRC capability across your organisation

Course attendees will also be provided with the OCEG GRC Capability Model, relevant templates, tools as well as GRC software for easy tracking and reporting to set up your own GRC capability.

This course also prepares you to successfully pass the GRC Professional (GRCP) certification exam (exam voucher to be purchased separately) and become individually certified as a GRCP. The GRCP certification shows the individual has the core understanding and skills to integrate corporate governance, risk management, internal control and compliance activities.

Register for the course today!

  • DPEX_network_logo_M
  • Facebook
  • LinkedIn
  • Twitter
  • YouTube


  • What is the Data Protection Trustmark (DPTM) Certification?
    The Data Protection Trustmark (DPTM) certification is a voluntary 3-year certification owned and issued by Singapore’s Infocomm Media Development Authority (IMDA). Attaining the certification enables organisations in Singapore to publicly demonstrate accountable data protection practices.
  • Is it an international certification like ISO?
    It is a local enterprise-wide certification. However, organisations that have undergone or obtained ISO/IEC 27001 or 27701 certification may find it easier to attain DPTM as they have shown good information security and privacy management procedures.
  • Who is the Data Protection Trustmark (DPTM) issued by?
    The certification process is owned and administered by the Info-communications Media Development Authority (IMDA). For more information, you can visit the Data Protection Trustmark Certification - Infocomm Media Development Authority within IMDA’s website.
  • What are the key assessment requirements of the Data Protection Trustmark (DPTM)?
    Organisations shall have written documentation on policies, processes and practices for data protection and must also demonstrate that their data protection policies, processes and practices are implemented and practised on the ground. These are based on a set of robust and comprehensive criteria, such as: Trained Data Protection Officer and staff to handle their stakeholders’ personal data; Reasonable collection, use and disclosure of data with consent obtained and purpose made known; Appropriate measures for protection, retention and disposal of data; Provision of withdrawal of consent, and access and correction of data; and Appropriate measures to take in the event of data breach.
  • What are the key objectives of the Data Protection Trustmark (DPTM)?
    For organisations to demonstrate sound and accountable data protection practices; to provide a competitive advantage for businesses that are certified; to boost consumer confidence in organisations’ management of personal data; and to enhance and promote consistency in data protection standards across all sectors. Organisations can use the DPTM to increase their competitive advantage and build trust with their customers and stakeholders.
  • How long does it take to get the Data Protection Trustmark (DPTM)?
    As this is an external assessment by an IMDA-appointed assessment body, the length is very dependent on the strength and currency of your organisation’s existing Data Protection Management Programme (DPMP) and size of the organisation. The entire assessment and certification process (end to end) can be anywhere between 9 months months to a year.
  • Who qualifies for the Data Protection Trustmark (DPTM)?
    The DPTM can be applied for by organisations that have established a data protection regime to comply with the PDPA's obligations. The organisation must either (1) be incorporated or recognised under Singapore laws, or (2) be based in Singapore or have an office or place of business there, but it cannot be a public agency (as defined in the Personal Data Protection Act 2012).
  • What is the period of validity for the Data Protection Trustmark (DPTM) Certificate?
    The certificate will be valid for 3 years. Should organisations wish to undergo re-certification, it would need to re-apply at least 6 months from the date of expiry of the certification.
  • Is the Data Protection Trustmark (DPTM) recognised overseas?
    The DPTM is a local certification scheme recognised in Singapore. A mutual recognition of similar certifications may be explored by the PDPC, depending on regional developments.
  • Is this a data privacy certification for companies?
    Yes, it is recognised as an enterprise-wide data privacy certification that demonstrates compliance with the Personal Data Protection Act (PDPA).
  • If my organisation is a DPTM-certified organisation, will it absolve my company from regulatory financial penalties for breaches of the PDPA?
    No, being DPTM-certified does not mean your organisation is immune from data breaches or contraventions of the law. Being DPTM-certified simply means that your organisation has robust data protection practices and will count as a mitigating factor in the event of an investigation by the PDPC for a data breach or contravention of the PDPA.
bottom of page