Last updated: May 2026

Security & Compliance

WerkDone handles sensitive patient data, next-of-kin information, and operational records for care organisations across Singapore. Security is not a feature — it is the foundation everything else is built on.

PDPA Compliant

Full obligation coverage

MOH CSE Aligned

Cyber Security Essentials

NEHR Ready

National health record integration

Bright Compatible

AIC care system interoperability

AES-256 Encryption

At rest and in transit

Singapore Data Residency

Data stays in SG

Client Owns Data

Full portability guaranteed

01

PDPA Compliance

WerkDone is designed to meet every relevant obligation under Singapore's Personal Data Protection Act (2012, revised 2020). Below is how our platform maps to each PDPA requirement.

PDPA ObligationHow WerkDone Meets It
ConsentConsent collected at point of visitor check-in and stored with a timestamped audit record. Residents' NOK consent captured digitally during onboarding with version tracking.
Purpose LimitationData collected only for stated operational purposes (visit management, medication records, incident tracking). Purpose declared at collection point.
Data MinimisationOnly operationally necessary fields collected. No over-collection of personal data. Form fields reviewed quarterly against necessity.
Access & CorrectionData subjects can request access and correction through the facility. Platform supports data export and amendment workflows with audit trails.
AccuracyData validated at entry. Automated prompts for periodic review of resident records. Correction history maintained.
ProtectionData protected by AES-256 encryption, RBAC, MFA, and network segmentation. See Encryption and Access Controls sections.
Retention LimitationConfigurable retention policies per data category. Automated purge scheduling with audit confirmation. No indefinite retention by default.
Transfer LimitationData does not leave Singapore unless explicitly agreed in writing. No cross-border sub-processors by default. See Data Residency section.
Breach NotificationDocumented incident response plan. Affected organisations notified within 24 hours of confirmed breach. PDPC notification facilitated within statutory timeline.
DPO AppointmentWerkDone has an appointed Data Protection Officer. Contact details provided upon request and in all data processing agreements.

02

MOH Cyber Security Essentials Alignment

WerkDone's security architecture aligns with the Ministry of Health's Cyber Security Essentials (CSE) framework for healthcare providers and their technology partners.

  • Asset Management — All devices, servers, and data stores catalogued and classified. Hardware inventory updated on deployment. Software versions tracked centrally.

  • Access Control — Role-based access control (RBAC) with principle of least privilege. Multi-factor authentication enforced for all admin accounts. See Access Controls section.

  • Data Protection — Encryption at rest (AES-256) and in transit (TLS 1.2+). Database-level encryption with managed key rotation. See Encryption section.

  • Network Security — Network segmentation between application, database, and management layers. Firewall rules reviewed quarterly. Intrusion detection enabled.

  • System Security — Automated patching for OS and dependencies. Vulnerability scanning on CI/CD pipeline. Penetration testing conducted annually by third party.

  • Incident Management — Documented incident response procedure. Escalation matrix with defined timelines. Post-incident review within 5 working days.

  • Business Continuity — Automated daily backups with geo-redundant storage. RTO and RPO defined per service tier. DR plan tested annually.

03

NEHR Integration

WerkDone is designed to integrate with Singapore's National Electronic Health Record (NEHR) — the national health data exchange operated by MOH and IHiS. This ensures that clinical data captured in OneCare can contribute to and draw from the longitudinal patient record shared across care settings.

CapabilityDetails
Data ContributionClinical records, care plans, medication records, and discharge summaries from OneCare can be contributed to NEHR, supporting continuity of care across providers.
Data RetrievalAuthorised care staff can retrieve relevant patient history from NEHR within the OneCare interface, reducing duplicate data entry and improving clinical context at point of care.
ComplianceAll NEHR data exchange follows MOH's data-sharing framework, including consent management, purpose limitation, and audit logging per PDPA and NEHR participation agreements.
StandardsIntegration uses HL7 FHIR standards where supported. Data payloads conform to NEHR's published schemas and validation requirements.

NEHR participation status: WerkDone's NEHR integration capability is available to all eligible ILTC providers. Activation requires a NEHR participation agreement with IHiS — WerkDone assists with the onboarding process.

04

Bright Interoperability

Bright is AIC's care management IT system used across the ILTC sector for referral management, service coordination, and reporting. WerkDone is designed to interoperate with Bright, ensuring that organisations using OneCare can maintain seamless data exchange with AIC's ecosystem.

CapabilityDetails
Referral SyncClient referrals received through Bright can be ingested into OneCare's Client 360, eliminating duplicate data entry and ensuring referral details are immediately available to care staff.
Service ReportingOneCare can export service utilisation data, attendance records, and outcome metrics in formats compatible with Bright's reporting requirements, supporting AIC submissions.
Client MatchingPatient identifiers are reconciled between OneCare and Bright to prevent duplicate records and ensure data consistency across systems.
Subsidy & ClaimsSubsidy eligibility data from Bright informs OneCare's Finance & Billing module, supporting accurate means-testing calculations and claims submission.

For organisations already on Bright: WerkDone does not replace Bright — it extends it. OneCare handles the clinical, operational, and engagement workflows that sit outside Bright's scope, while maintaining data interoperability with AIC's system.

05

Data Residency

All client data is hosted in Singapore. Our infrastructure runs on a Singapore-region cloud environment (ap-southeast-1) operating from data centres certified to ISO 27001, SOC 2 Type II, and MTCS Level 3.

No client data is transferred outside Singapore unless explicitly agreed in writing as part of a data processing agreement. All sub-processors operate within Singapore jurisdiction by default.

For government and statutory board clients: WerkDone supports dedicated tenancy arrangements where data isolation requirements exceed shared infrastructure provisions. Contact us for details.

06

Encryption

LayerImplementation
At RestAES-256 encryption for all stored data. Database-level encryption enabled by default. Encryption keys managed via cloud KMS with automatic rotation. Backup files encrypted with separate key hierarchy.
In TransitTLS 1.2 minimum enforced on all connections (TLS 1.3 preferred). HSTS headers enabled. API endpoints require HTTPS — plaintext HTTP rejected at load balancer.
Application LayerSensitive fields (NRIC, medical identifiers) additionally encrypted at application level before database write. Field-level encryption keys are client-specific.

NRIC handling: In line with PDPA advisory guidelines on NRIC collection, WerkDone's default configuration masks NRIC display (showing only last 4 characters) and stores the full value in an encrypted, access-controlled field.

07

Access Controls

WerkDone implements role-based access control (RBAC) across the entire platform. Each user is assigned one or more roles that determine exactly which data, modules, and actions they can access.

  • Role-Based Access Control — Predefined roles (Admin, Supervisor, Nurse, Receptionist, Read-Only) with granular permissions per module. Custom roles available on request.

  • Multi-Factor Authentication — MFA enforced for all admin and supervisor accounts. Optional for frontline staff based on client security policy. Supports TOTP and SMS.

  • SSO Integration — SAML 2.0 and OpenID Connect support for organisations with existing identity providers. Active Directory integration available.

  • Session Management — Configurable session timeouts. Automatic logout on inactivity. Concurrent session limits per user. Session tokens rotated on privilege escalation.

  • Principle of Least Privilege — Default roles grant minimum necessary access. Privilege escalation requires admin approval. Access reviews recommended quarterly.

08

Audit Logging

Every meaningful action in WerkDone is logged with an immutable audit trail. Logs are tamper-protected and available for client review or export.

What's LoggedDetails
AuthenticationLogin attempts (success and failure), logout, MFA challenges, password changes, session timeouts.
Data AccessRecord views, searches, and exports — including which user accessed which resident or patient record and when.
ModificationsAll creates, updates, and deletes with before/after values. Change attribution to specific user and timestamp.
Admin ActionsRole assignments, permission changes, user provisioning and deprovisioning, configuration changes, data exports.
RetentionAudit logs retained for minimum 2 years. Extended retention available on request. Logs exportable in CSV or JSON for client audit use.

09

Data Ownership & Portability

Your data belongs to you. WerkDone processes data on your behalf as a data intermediary under the PDPA. You retain full ownership at all times.

  • Client Owns All Data — Contractually guaranteed. WerkDone holds no intellectual property rights over client data under any circumstances.

  • Data Export on Request — Full data export available in standard formats (CSV, JSON) at any time during the contract. No export fees.

  • API Access — Documented REST API available for programmatic data extraction and integration with client systems.

  • No Vendor Lock-In — Data schema is documented and portable. No proprietary formats that prevent migration.

10

Contract-End Deletion

When a client contract ends, WerkDone follows a structured data destruction process to ensure complete, verified removal of all client data.

StepDetails
Final Export WindowClient has 30 days after contract end to request a final data export. WerkDone assists with extraction at no additional cost.
Primary DeletionAll client data permanently deleted from production systems within 14 days of the export window closing.
Backup PurgeClient data purged from all backup systems within 90 days of primary deletion, in line with backup rotation cycles.
Deletion ConfirmationWritten certificate of destruction issued to the client confirming all data has been permanently removed from all systems and backups.
IrreversibilityDeletion uses cryptographic erasure where supported. Physical media destruction not applicable (cloud-hosted). Deletion is permanent and irreversible.

Have a specific compliance question?

Our team can walk through any of these areas in detail, provide documentation for your procurement process, or arrange a security review call.

Contact the Team →