CYBER SUPPLY CHAIN SECURITY

Business Context

Primary Asset

Industry

Country

WorkForce

Where is the sensitive data?

Is sensitive data accessible or held by 3rd party suppliers?

What is the IT Service arrangement?

Intellectual Property

Personally Identifiable Information(PII)

Cardholder Information

Customer Information with contractual obligations

Sensitive PII

Government Classified Information

ISO/IEC 27001 Information Security Management System (ISMS) Standard

NIST Cybersecurity Framework

Payment Card Industry Data Security Standard (PCI- DSS)

Australian Signals Directorate - Information Security Manual (ISM)

System and Organization Controls (SOC) 2

Sarbanes–Oxley Act of 2002 (SOX)

Organization for Economic Cooperation and Development (OECD) Privacy and Security Guidelines

Asia-Pacific Economic Cooperation (APEC) Privacy Framework

Australian Privacy Act 1988

The Personal Information Protection and Electronic Documents Act (PIPEDA)

The General Data Protection Regulation (GDPR)

The Health Insurance Portability and Accountability Act of 1996 (HIPAA)

United Kingdom - Data Protection Act 2018

APRA CPS 234

New South Wales Cyber Security Policy

California Consumer Protection Act (CCPA)

Privacy and Personal Information Protection Act 1998

Queensland Information Security Policy

Victoria Privacy and Data Protection Act 2014

Japan - Act on the Protection of Personal Information (APPI)

Canada - Consumer Privacy Protection Act (CPPA)

Brazil - Law for the Protection of Personal Data

Singapore - Personal Data Protection Act (PDPA)

India - Privacy and Data Protection (PDP)

Uncertain

Update and Save

bottom of page