Software and System testing

Data protection laws around the globe require ‘reasonable’ security. To determine what ‘reasonable’ means, regulators often refer to (simple) risk assessment models. Actual guidance on what is deemed ‘reasonable’ tends to be couched in lists taken from established security engineering frameworks, like the Open Web Application Security Project (OWASP) Top 10. However, in actual enforcement decisions one rarely finds a ‘risk assessment failure’ mentioned; more frequently one sees examples around case specifics, such as ‘lack basic protection against vulnerabilities like Structured Query Language (SQL)-injection’. In contrast, many decisions raise issues with ‘insufficient testing’, or ‘lack of oversight during system approval’ (sometimes infelicitously called ‘inadequate User Acceptance Testing (UAT)’), and even direct organisations to conduct Vulnerability Assessments or Penetration Tests. These issues are not limited to small or non-Information Technology (IT) savvy enterprises. Software and system testing is by nature risk-based, and a separate engineering discipline. This course provides an overview of core concepts specific to software and system testing, critical for the operational side (in terms of functionality, security, and data protection) as well as contractual considerations.

This course is ideal for busy Data Protection Officers (DPOs), managers, and project and compliance officers who are responsible for project approvals and system deployments. The course explains the typical engineering jargon, common misunderstandings, and technical details in an understandable and practical manner useful for a non-IT audience.

Who should attend?

  • Privacy Engineers, Technical Staff, Developers, Data Analysts, Data Architects, and Project Managers
  • DPOs, Compliance Professionals, and Corporate / In-house Counsels

Course Details

Course Code: CS102
Title: Software and System testing
Duration: ½ day (approximately 3.5 contact hours)
Mode of Training: In-person
Available Date(s): 14 May 2025, 13 June 2025
Time: 9.00am - 12.30pm (SGT)
Venue: Drew & Napier LLC, 10 Collyer Quay, 10th Floor, Ocean Financial Centre, Singapore 049315 
Course Fee: S$300.00 (excluding GST)

Course Outline

  • What makes testing different and difficult
  • Test Fundamentals
    • Manual, automated, or smart
    • Black box, Gray box, and White box
    • Test Coverage
  • Test Scope
    • Functional Testing
    • Integration Testing
    • System Testing
    • Regression Testing
    • System Acceptance Testing
    • User Acceptance Testing
    • Security Testing
    • Privacy and Data Protection Testing
  • Third Party Testing
    • Testing versus Monitoring (Security Operations Centre (SOC))
    • Vulnerability Assessment (VA)
    • Penetration Testing (PT)
    • Singapore’s Cybersecurity Service Provider’s Licence

Course Facilitator

Albert-PichImaier.jpg
 
 

Senior Cybersecurity and Privacy Engineer

Senior Learning Technology Designer, Drew Data Protection & Cybersecurity Academy