This would fail already due to the lack of knowing who is responsible :wtf: (I doubt anyone wants to be responsible or accountable).
To be honest, large companies and organisations have stringent auditing processes and would have IT risk&governance staff dealing with compliance and security issues. I am sure those people do exist at CoJ/Sanral, but I doubt that they understand their jobs since the whole of IT is outsourced. Subsequent to CoJ I phoned a number of large companies for my own sanity and asked the general helpdesk who I would speak to with regards to their website security and guess what? Across all sectors (finance, insurance, transport, mining, retail, agriculture, hospitality, medical, pension) I tried, I got a positive response via the call-centre within 10-30 minutes.
I don't think the onus should be on us to ensure that government agencies do their jobs properly. There are sufficient frameworks, regulations and industry standards to govern this properly - one just needs to want to