Last updated: May 2026
Security & Compliance
WerkDone handles sensitive patient data, next-of-kin information, and operational records for care organisations across Singapore. Security is not a feature — it is the foundation everything else is built on.
PDPA Compliant
Full obligation coverage
MOH CSE Aligned
Cyber Security Essentials
NEHR Ready
National health record integration
Bright Compatible
AIC care system interoperability
AES-256 Encryption
At rest and in transit
Singapore Data Residency
Data stays in SG
Client Owns Data
Full portability guaranteed
01
PDPA Compliance
WerkDone is designed to meet every relevant obligation under Singapore's Personal Data Protection Act (2012, revised 2020). Below is how our platform maps to each PDPA requirement.
| PDPA Obligation | How WerkDone Meets It |
|---|---|
| Consent | Consent collected at point of visitor check-in and stored with a timestamped audit record. Residents' NOK consent captured digitally during onboarding with version tracking. |
| Purpose Limitation | Data collected only for stated operational purposes (visit management, medication records, incident tracking). Purpose declared at collection point. |
| Data Minimisation | Only operationally necessary fields collected. No over-collection of personal data. Form fields reviewed quarterly against necessity. |
| Access & Correction | Data subjects can request access and correction through the facility. Platform supports data export and amendment workflows with audit trails. |
| Accuracy | Data validated at entry. Automated prompts for periodic review of resident records. Correction history maintained. |
| Protection | Data protected by AES-256 encryption, RBAC, MFA, and network segmentation. See Encryption and Access Controls sections. |
| Retention Limitation | Configurable retention policies per data category. Automated purge scheduling with audit confirmation. No indefinite retention by default. |
| Transfer Limitation | Data does not leave Singapore unless explicitly agreed in writing. No cross-border sub-processors by default. See Data Residency section. |
| Breach Notification | Documented incident response plan. Affected organisations notified within 24 hours of confirmed breach. PDPC notification facilitated within statutory timeline. |
| DPO Appointment | WerkDone has an appointed Data Protection Officer. Contact details provided upon request and in all data processing agreements. |
02
MOH Cyber Security Essentials Alignment
WerkDone's security architecture aligns with the Ministry of Health's Cyber Security Essentials (CSE) framework for healthcare providers and their technology partners.
Asset Management — All devices, servers, and data stores catalogued and classified. Hardware inventory updated on deployment. Software versions tracked centrally.
Access Control — Role-based access control (RBAC) with principle of least privilege. Multi-factor authentication enforced for all admin accounts. See Access Controls section.
Data Protection — Encryption at rest (AES-256) and in transit (TLS 1.2+). Database-level encryption with managed key rotation. See Encryption section.
Network Security — Network segmentation between application, database, and management layers. Firewall rules reviewed quarterly. Intrusion detection enabled.
System Security — Automated patching for OS and dependencies. Vulnerability scanning on CI/CD pipeline. Penetration testing conducted annually by third party.
Incident Management — Documented incident response procedure. Escalation matrix with defined timelines. Post-incident review within 5 working days.
Business Continuity — Automated daily backups with geo-redundant storage. RTO and RPO defined per service tier. DR plan tested annually.
03
NEHR Integration
WerkDone is designed to integrate with Singapore's National Electronic Health Record (NEHR) — the national health data exchange operated by MOH and IHiS. This ensures that clinical data captured in OneCare can contribute to and draw from the longitudinal patient record shared across care settings.
| Capability | Details |
|---|---|
| Data Contribution | Clinical records, care plans, medication records, and discharge summaries from OneCare can be contributed to NEHR, supporting continuity of care across providers. |
| Data Retrieval | Authorised care staff can retrieve relevant patient history from NEHR within the OneCare interface, reducing duplicate data entry and improving clinical context at point of care. |
| Compliance | All NEHR data exchange follows MOH's data-sharing framework, including consent management, purpose limitation, and audit logging per PDPA and NEHR participation agreements. |
| Standards | Integration uses HL7 FHIR standards where supported. Data payloads conform to NEHR's published schemas and validation requirements. |
NEHR participation status: WerkDone's NEHR integration capability is available to all eligible ILTC providers. Activation requires a NEHR participation agreement with IHiS — WerkDone assists with the onboarding process.
04
Bright Interoperability
Bright is AIC's care management IT system used across the ILTC sector for referral management, service coordination, and reporting. WerkDone is designed to interoperate with Bright, ensuring that organisations using OneCare can maintain seamless data exchange with AIC's ecosystem.
| Capability | Details |
|---|---|
| Referral Sync | Client referrals received through Bright can be ingested into OneCare's Client 360, eliminating duplicate data entry and ensuring referral details are immediately available to care staff. |
| Service Reporting | OneCare can export service utilisation data, attendance records, and outcome metrics in formats compatible with Bright's reporting requirements, supporting AIC submissions. |
| Client Matching | Patient identifiers are reconciled between OneCare and Bright to prevent duplicate records and ensure data consistency across systems. |
| Subsidy & Claims | Subsidy eligibility data from Bright informs OneCare's Finance & Billing module, supporting accurate means-testing calculations and claims submission. |
For organisations already on Bright: WerkDone does not replace Bright — it extends it. OneCare handles the clinical, operational, and engagement workflows that sit outside Bright's scope, while maintaining data interoperability with AIC's system.
05
Data Residency
All client data is hosted in Singapore. Our infrastructure runs on a Singapore-region cloud environment (ap-southeast-1) operating from data centres certified to ISO 27001, SOC 2 Type II, and MTCS Level 3.
No client data is transferred outside Singapore unless explicitly agreed in writing as part of a data processing agreement. All sub-processors operate within Singapore jurisdiction by default.
For government and statutory board clients: WerkDone supports dedicated tenancy arrangements where data isolation requirements exceed shared infrastructure provisions. Contact us for details.
06
Encryption
| Layer | Implementation |
|---|---|
| At Rest | AES-256 encryption for all stored data. Database-level encryption enabled by default. Encryption keys managed via cloud KMS with automatic rotation. Backup files encrypted with separate key hierarchy. |
| In Transit | TLS 1.2 minimum enforced on all connections (TLS 1.3 preferred). HSTS headers enabled. API endpoints require HTTPS — plaintext HTTP rejected at load balancer. |
| Application Layer | Sensitive fields (NRIC, medical identifiers) additionally encrypted at application level before database write. Field-level encryption keys are client-specific. |
NRIC handling: In line with PDPA advisory guidelines on NRIC collection, WerkDone's default configuration masks NRIC display (showing only last 4 characters) and stores the full value in an encrypted, access-controlled field.
07
Access Controls
WerkDone implements role-based access control (RBAC) across the entire platform. Each user is assigned one or more roles that determine exactly which data, modules, and actions they can access.
Role-Based Access Control — Predefined roles (Admin, Supervisor, Nurse, Receptionist, Read-Only) with granular permissions per module. Custom roles available on request.
Multi-Factor Authentication — MFA enforced for all admin and supervisor accounts. Optional for frontline staff based on client security policy. Supports TOTP and SMS.
SSO Integration — SAML 2.0 and OpenID Connect support for organisations with existing identity providers. Active Directory integration available.
Session Management — Configurable session timeouts. Automatic logout on inactivity. Concurrent session limits per user. Session tokens rotated on privilege escalation.
Principle of Least Privilege — Default roles grant minimum necessary access. Privilege escalation requires admin approval. Access reviews recommended quarterly.
08
Audit Logging
Every meaningful action in WerkDone is logged with an immutable audit trail. Logs are tamper-protected and available for client review or export.
| What's Logged | Details |
|---|---|
| Authentication | Login attempts (success and failure), logout, MFA challenges, password changes, session timeouts. |
| Data Access | Record views, searches, and exports — including which user accessed which resident or patient record and when. |
| Modifications | All creates, updates, and deletes with before/after values. Change attribution to specific user and timestamp. |
| Admin Actions | Role assignments, permission changes, user provisioning and deprovisioning, configuration changes, data exports. |
| Retention | Audit logs retained for minimum 2 years. Extended retention available on request. Logs exportable in CSV or JSON for client audit use. |
09
Data Ownership & Portability
Your data belongs to you. WerkDone processes data on your behalf as a data intermediary under the PDPA. You retain full ownership at all times.
Client Owns All Data — Contractually guaranteed. WerkDone holds no intellectual property rights over client data under any circumstances.
Data Export on Request — Full data export available in standard formats (CSV, JSON) at any time during the contract. No export fees.
API Access — Documented REST API available for programmatic data extraction and integration with client systems.
No Vendor Lock-In — Data schema is documented and portable. No proprietary formats that prevent migration.
10
Contract-End Deletion
When a client contract ends, WerkDone follows a structured data destruction process to ensure complete, verified removal of all client data.
| Step | Details |
|---|---|
| Final Export Window | Client has 30 days after contract end to request a final data export. WerkDone assists with extraction at no additional cost. |
| Primary Deletion | All client data permanently deleted from production systems within 14 days of the export window closing. |
| Backup Purge | Client data purged from all backup systems within 90 days of primary deletion, in line with backup rotation cycles. |
| Deletion Confirmation | Written certificate of destruction issued to the client confirming all data has been permanently removed from all systems and backups. |
| Irreversibility | Deletion uses cryptographic erasure where supported. Physical media destruction not applicable (cloud-hosted). Deletion is permanent and irreversible. |
Have a specific compliance question?
Our team can walk through any of these areas in detail, provide documentation for your procurement process, or arrange a security review call.
Contact the Team →