Data Bureau will never ask you to transfer money or disclose banking log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if a contact is legitimate.

Certification Framework

Standards

The institutional framework under which Data Bureau assesses, certifies, and governs credentialed entities in Singapore.

Section 1

Certification Framework

Data Bureau's certification framework establishes the structure under which entities may be assessed, credentialed, and maintained within the institution's verification system.

Purpose of Certification

Certification by Data Bureau constitutes an independently verified attestation that an entity meets the institution's published standards at the time of assessment. It is not an endorsement, advisory, or guarantee of future conduct.

Scope of Application

The framework applies to Singapore-registered business entities seeking certification under the Authority Certificate programme. Extensions to additional entity types and domains are governed by separate addenda published as the institution's mandate expands.

Validity & Renewal

All certificates carry a defined validity period. Certified entities are subject to periodic re-assessment. Certificates may be suspended or revoked if an entity no longer satisfies the criteria under which certification was issued.

Governance

The framework is governed solely by Data Bureau (Singapore) Pte. Ltd. Assessment decisions are made independently of applicants, appointed agents, and any commercial relationship the institution may hold. No external party may direct or influence an assessment outcome.

Section 2

Certificate Assessment Criteria

DB-001: Certificate of Business Authenticity

DB-001 is Data Bureau's Certificate of Business Authenticity — the institutional standard under which Singapore-registered entities are assessed, credentialed, and maintained within the Data Bureau verification registry. The assessment areas published below represent the publicly documented portion of DB-001. Additional criteria applied at the institution's discretion are proprietary and not disclosed.

The assessment areas below are illustrative. An entity may satisfy every published area and still not receive certification where proprietary assessment factors indicate material risk. Published areas are a necessary but not sufficient condition for certification.

DB-001

Certificate of Business Authenticity — Assessment Areas

The following outlines the assessment areas considered under DB-001. These areas are illustrative and do not represent the complete scope of evaluation conducted.

Assessment Area 1

Business Legitimacy

  • Demonstrates a verifiable and lawful foundation as an active, registered commercial entity in Singapore.
  • Upholds a transparent and accountable ownership structure that reflects the values of good governance.
  • Maintains a consistent and verifiable presence across all official registries and public records.
  • Evidences an ongoing and uninterrupted commitment to lawful commercial activity, with no indication of cessation or regulatory disruption.
  • Sustains a principal and beneficial ownership structure that is identifiable, traceable, and free from material ambiguity.

Assessment Area 2

Reputation & Public Standing

  • Cultivates a public reputation that reflects high standards of customer experience and fair dealing.
  • Demonstrates a consistent record of engaging with feedback and stakeholder concerns in good faith and in a timely manner.
  • Maintains a credible and positive standing across independent public platforms and professional channels.
  • Operates with a track record free from patterns of unresolved disputes, escalated complaints, or conduct that undermines public trust.

Assessment Area 3

Online Presence & Digital Footprint

  • Maintains a credible and professionally presented digital presence that accurately represents the business and its activities.
  • Demonstrates verifiable ownership and stewardship of its digital assets, consistent with its established commercial identity.
  • Sustains an active and consistent engagement with audiences across relevant digital and social platforms.
  • Ensures that all public-facing contact and communication channels are accessible, verified, and responsive to stakeholder enquiries.

Assessment Area 4

Legal Standing & Regulatory Compliance

  • Upholds full compliance with all statutory, regulatory, and licensing obligations applicable to the nature and scope of its business activities.
  • Demonstrates a clean and unencumbered legal record across all principals, directors, and the entity as a whole.
  • Meets all applicable data protection and privacy obligations with demonstrable governance practices and an accountable framework.
  • Operates with the integrity and transparency expected of a responsible, law-abiding business in Singapore.

Assessment Area 5

Financial Standing

  • Demonstrates the financial health and going-concern capacity expected of a credible and sustainably operating business.
  • Maintains a clean record with respect to outstanding financial obligations, enforcement actions, and official advisory or debarment registries.
  • Exhibits a demonstrated and consistent capacity to meet financial commitments to employees, creditors, and commercial counterparties.
  • Reflects sound financial stewardship and responsible management of the business's fiscal affairs.

Assessment Area 6

Operational Credibility

  • Operates from an identifiable and verifiable business location consistent with its stated commercial activities and publicly registered particulars.
  • Maintains an active and capable team or principal with demonstrable day-to-day responsibility for the delivery of its products and services.
  • Presents a professional, coherent, and consistent identity across all contact, communication, and customer-facing channels.
  • Offers products or services that are clearly defined, lawfully provided, and substantiated by credible evidence of delivery and fulfilment.
  • Demonstrates a history of ethical conduct, professional integrity, and accountability in all its business dealings.
  • Reflects a commitment to the standards of operational excellence expected of a credentialed member of the Data Bureau verification registry.

Partial Disclosure

The assessment areas listed above are illustrative in nature and do not represent the complete set of factors evaluated under DB-001. Additional proprietary criteria are applied at the institution's discretion and are not subject to public disclosure. An entity may satisfy every published condition and still not receive certification where proprietary assessment factors indicate material risk.

Administrative Provisions

2.1   Authority & Governance

This standard is maintained exclusively by Data Bureau (Singapore) Pte. Ltd. Appointed verification agencies may conduct assessments on behalf of Data Bureau but do not have authority to modify, override, or waive any criterion. The final certification decision rests with Data Bureau.

2.2   Review Cycle

The standard shall be reviewed annually. Criteria may be added, modified, or removed following a structured review process. Version changes will be published with a minimum 60-day advance notice before taking effect. Certifications issued under a prior version remain valid until their expiry date.

2.3   Appeals

A business that receives an adverse determination may submit a formal appeal to Data Bureau within 30 calendar days of notification. Appeals must be submitted in writing and include supporting evidence. Data Bureau will issue a determination within 21 business days of receipt. The appeal decision is final.

2.4   Reapplication

A business rejected on time-based criteria may reapply once those criteria are met. A business rejected for substantive non-compliance must wait a minimum of 12 months before reapplication. A business whose Authority Certificate has been revoked due to misconduct or material misrepresentation is subject to a 36-month exclusion period from the date of revocation, subject to review by Data Bureau.

2.5   Continuous Monitoring

Certification does not end at issuance. Certified businesses are subject to continuous post-certification monitoring by Data Bureau (Singapore). Adverse events — including regulatory actions, scam intelligence flags, or material changes to the business — may trigger a review and, where warranted, revocation of the Authority Certificate. Businesses will be notified before any revocation decision is made, except where the adverse event requires immediate suspension.

Section 3

Compliance Guidelines

Certified entities are bound by ongoing compliance obligations for the duration of their certificate's validity period.

Accuracy of Submitted Information

All information submitted in support of a certification application must be accurate, current, and complete. Misrepresentation — whether by omission or commission — constitutes grounds for immediate revocation.

Notification of Material Changes

Certified entities must notify Data Bureau — through their appointed agent — of any material change to their corporate structure, ownership, key personnel, or regulatory status within 30 days of such change occurring.

Permitted Use of Certification Mark

The Data Bureau certification mark and credential identifiers may only be used in the form and context prescribed by the institution. Use that implies a broader scope of certification than was assessed is prohibited.

Cooperation with Re-Assessment

Entities must cooperate with any re-assessment initiated by Data Bureau during the certificate's validity period. Failure to cooperate within a reasonable timeframe will result in suspension pending resolution.

No Transfer of Certification

Certificates are issued to the specific entity assessed and are non-transferable. A change in ownership or effective control requires a new application.

Section 4

Terminology & Definitions

The following terms carry specific meanings within Data Bureau's standards framework.

Authority Certificate
A credential issued by Data Bureau attesting that a named entity has been assessed and found to meet the institution's published standards at the time of issuance.
Applicant
A Singapore-registered entity that has submitted or intends to submit an application for certification through an appointed agent.
Appointed Agent
An entity formally authorised by Data Bureau to receive and submit certification applications on behalf of applicants. Agents do not participate in or influence assessment decisions.
Assessment
The structured evaluation conducted by Data Bureau of an applicant's submitted documentation and independently sourced data against the institution's assessment criteria.
Certification Mark
The visual identifier and associated credential code issued by Data Bureau for use by a certified entity, subject to the institution's usage guidelines.
Material Change
Any change to an entity's corporate structure, directorship, beneficial ownership, regulatory licensing, or operational status that would have been relevant to an assessment had it existed at the time of application.
Suspension
A temporary status applied to a certificate where the entity's continued compliance with certification criteria is under review. A suspended certificate is publicly flagged in the Data Bureau verification system.
Revocation
The permanent cancellation of a certificate, applied where an entity is found to have misrepresented information, ceased to meet the criteria, or failed to cooperate with the institution's processes.
Validity Period
The defined duration for which an issued certificate remains active, subject to continued compliance. Certificates are not automatically renewed; renewal requires a formal re-assessment process.

Section 5

How to Apply

Applications for certification are administered through appointed agents. Direct applications to Data Bureau are not accepted. The process follows four stages from agent engagement to certificate issuance.

  1. 1

    Engage an Appointed Agent

    The applicant identifies and engages a Data Bureau appointed agent. The agent acts as the formal liaison between the applicant and Data Bureau throughout the certification process. A list of appointed agents is available upon enquiry through the institution's contact channels.

  2. 2

    Submit Documentation

    The applicant prepares and submits the required documentation to their appointed agent, who reviews it for completeness before formally lodging the application with Data Bureau. Required documentation is specified by the agent based on the certification class applied for.

  3. 3

    Assessment

    Data Bureau conducts an independent assessment of the application against the institution's criteria. This includes cross-referencing submitted information against independent data sources. The applicant may be requested to provide supplementary documentation during this stage. The assessment timeline varies by application complexity.

  4. 4

    Certificate Issued

    Upon successful assessment, Data Bureau issues the Authority Certificate to the applicant through the appointed agent. The certificate is simultaneously registered in the institution's public verification system and carries a unique credential identifier that any party may verify.

Ready to apply for certification?

Contact Data Bureau to receive information on appointed agents in your sector and begin the certification process.

Get in Touch →