Personal Data Protection Act (PDPA) 2012: Singapore's primary data protection legislation that governs the collection, use, disclosure, and care of personal data. Must be considered for data handling requirements in the RFP.
Computer Misuse Act: Legislation dealing with cybercrime and unauthorized access to computer systems. Relevant for security requirements specification in the RFP.
Electronic Transactions Act: Provides legal foundation for electronic transactions and digital signatures. Important for defining electronic documentation and approval processes.
Cybersecurity Act 2018: Framework for protection of critical information infrastructure and cybersecurity requirements. Essential for security compliance specifications.
Copyright Act: Protects intellectual property rights, including software and digital content. Relevant for IP ownership and licensing terms in the RFP.
Evidence Act: Governs the admissibility of electronic records as evidence. Important for record-keeping and documentation requirements.
TR76 (Technical Reference 76): Singapore's standard for cloud security. Essential for specifying cloud service requirements and security standards.
MTCS (Multi-Tier Cloud Security): Singapore's cloud security standard with different tiers of security requirements. Important for cloud service provider qualification.
Government Procurement Act: Regulates government procurement processes. Relevant if the RFP is for government or public sector projects.
MAS Technology Risk Management Guidelines: Specific guidelines for financial sector technology implementations. Must be considered if the RFP involves financial services.
Cross Border Privacy Rules (CBPR): Framework for cross-border data transfers. Important if the RFP involves international data movement or overseas vendors.
ASEAN Framework on Personal Data Protection: Regional data protection framework. Relevant for projects involving ASEAN region data transfers or vendors.
