Here’s a rundown on the key regulatory standards governing cloud compliance:
Protective Security Policy Framework (PSPF)
The Protective Security Policy Framework (PSPF) “assists Australian government entities to protect their people, information and assets, both at home and overseas”.
It sets out government protective security policy and helps entities to implement the policy across security governance, information security, personnel security and physical security.
For an overview of the PSPF, read the government’s booklet
Information Security Manual (ISM)
The Australian Cyber Security Centre produces the Information Security Manual (ISM), which outlines a cyber security framework for organisations.
By using their own risk management framework, organisations can apply ISM to protect their information and systems from cyber threats.
The ISM is to be used by chief information security officers, chief information officers, cyber security professionals and information technology managers.
Security of Critical Infrastructure Act 2018
The Security of Critical Infrastructure Act 2018 seeks to manage the national security risks of sabotage, espionage and coercion from foreign involvement in Australia’s critical infrastructure.
The Act applies to 22 asset classes across 11 sectors, including communications, defence, energy, food and grocery, health care and medical and space technology, transport, water and sewerage.
Privacy Act 1988
This is the principal piece of Australian legislation that protects the handling of personal information about individuals.
It includes the collection, use, storage and disclosure of personal information in the federal public sector, state and territory public sectors and the private sector.
Leave a Reply