Cybersecurity Act 2018: Primary legislation governing cybersecurity in Singapore, particularly for Critical Information Infrastructure (CII). Establishes licensing framework for cybersecurity service providers and incident reporting requirements.
Personal Data Protection Act (PDPA) 2012: Establishes data protection requirements, consent obligations, and data breach notification requirements for organizations handling personal data in Singapore.
Computer Misuse Act: Provides legal framework against unauthorized access, modification, and use of computer material, relevant for defining security breach scenarios and remedies.
Electronic Transactions Act: Governs electronic transactions and digital signatures, important for establishing validity of electronic contracts and security measures.
MAS Technology Risk Management Guidelines: Specific requirements for financial institutions regarding technology risk management and cybersecurity controls set by the Monetary Authority of Singapore.
Healthcare Cybersecurity Requirements: Sector-specific cybersecurity requirements for healthcare institutions handling sensitive medical data and systems.
CII Requirements: Specific cybersecurity requirements and obligations for Critical Information Infrastructure operators under the Cybersecurity Act.
GDPR Compliance Requirements: European Union's General Data Protection Regulation requirements applicable when handling EU residents' data, including cross-border transfer restrictions.
ISO/IEC 27001: International standard for information security management systems, often referenced in cybersecurity SLAs for benchmark security controls.
PDPC Advisory Guidelines: Detailed guidance from Singapore's Personal Data Protection Commission on implementing PDPA requirements and best practices.
Singapore Standards (SS): National standards for cybersecurity practices and controls specific to Singapore's business environment.
