PDPA 2012: Singapore's Personal Data Protection Act - Primary legislation governing the collection, use, disclosure, and care of personal data. Essential for defining data protection requirements in risk assessments.
Cybersecurity Act 2018: Framework for protection of Critical Information Infrastructure (CII) and regulation of cybersecurity service providers in Singapore. Defines cybersecurity risk assessment requirements for critical sectors.
Computer Misuse Act: Legislation addressing computer crimes and unauthorized access. Important for identifying and assessing potential security threats and vulnerabilities.
Electronic Transactions Act: Provides legal foundation for electronic transactions and digital signatures. Relevant for assessing risks in electronic business operations.
MAS TRM Guidelines: Monetary Authority of Singapore's Technology Risk Management Guidelines - Specific requirements for financial institutions regarding technology risk assessment and management.
Healthcare Services Act: Regulatory requirements for healthcare providers, including specific provisions for handling sensitive medical data and associated risk assessments.
Banking Act: Regulatory framework for banks, including requirements for risk assessment and management of banking information systems.
ISO/IEC 27001: International standard for information security management systems, providing framework for security risk assessments and controls.
ISO 31000: International standard for risk management principles and guidelines, providing structured approach to risk assessment.
NIST Cybersecurity Framework: US-based framework widely recognized in Singapore for identifying, protecting, detecting, responding to, and recovering from cyber risks.
GDPR Compliance: European Union's General Data Protection Regulation - Relevant for organizations handling EU residents' data, requiring specific risk assessment considerations.
APEC CBPR: APEC Cross-Border Privacy Rules System - Framework for cross-border data transfers and associated risk assessments in the Asia-Pacific region.
ASEAN Privacy Framework: Regional framework for personal data protection and privacy, influencing risk assessment requirements for ASEAN cross-border data flows.
SS 584: Singapore Standards Guidelines for Cloud Computing - Specific requirements for assessing risks in cloud computing implementations.
MTCS SS 584: Multi-Tier Cloud Security Standard - Singapore's standard for cloud security assessment and certification, defining different tiers of security requirements.
