PDPA 2012: Singapore's Personal Data Protection Act - Primary legislation governing the collection, use, disclosure, and care of personal data. Must be considered for data handling aspects of the IT audit.
Cybersecurity Act 2018: Singapore's framework for the protection of Critical Information Infrastructure (CII) and regulation of cybersecurity service providers. Essential for security assessment components of the audit.
Computer Misuse Act: Legislation dealing with unauthorized access and modification of computer material. Relevant for security testing and penetration testing scope.
MAS TRM Guidelines: Monetary Authority of Singapore's Technology Risk Management Guidelines - Crucial if the audit involves financial institutions or fintech companies.
Healthcare Cybersecurity Requirements: Specific requirements for healthcare sector including patient data protection and healthcare-specific IT systems compliance.
Public Sector Requirements: Government-specific IT security and data handling requirements applicable for public sector entities.
Companies Act: Singapore's primary legislation governing corporate entities, relevant for corporate governance aspects of IT systems.
Singapore Contract Law: Based on English common law principles, governs the formation and enforcement of the audit proposal contract.
ISO 27001: International standard for information security management systems, providing framework for IT audit methodology.
ISACA Framework: Professional framework for IT governance and audit, providing structured approach for audit execution.
NIST Cybersecurity Framework: US-based framework widely used for cybersecurity assessments and risk management.
SOC Standards: Service Organization Control standards for assessing internal controls and security measures.
GDPR Compliance: EU's General Data Protection Regulation requirements if the audit scope includes handling of EU residents' data.
