Data Protection Act 2018: Primary UK legislation that governs personal data protection, implementing and supplementing the UK GDPR. Essential for vulnerability assessments involving personal data processing.
UK GDPR: Post-Brexit adaptation of EU GDPR, setting fundamental principles for personal data protection in the UK, including security requirements and breach notification obligations.
Computer Misuse Act 1990: Criminalizes unauthorized access to computer systems. Crucial for ensuring vulnerability assessments are conducted within legal boundaries and with proper authorization.
NIS Regulations 2018: Network and Information Systems Regulations implementing the EU NIS Directive, setting security requirements for essential services and digital service providers.
Telecommunications (Security) Act 2021: Sets security requirements for telecommunication providers and networks, relevant for vulnerability assessments of telecom infrastructure.
ISO 27001: International standard for information security management systems, providing framework for security controls and vulnerability management.
NIST Cybersecurity Framework: Voluntary framework of computer security guidance for organizations to better manage and reduce cybersecurity risk, including vulnerability assessment protocols.
CIS Controls: Prescriptive, prioritized set of actions to protect organizations and data from known cyber attack vectors, including vulnerability management practices.
NCSC Guidelines: Official UK government guidance on cybersecurity best practices, including vulnerability assessment and management.
FCA Regulations: Financial Conduct Authority regulations governing security requirements for financial services sector, including vulnerability management obligations.
NHS Digital Security Standards: Specific security requirements for healthcare sector, including guidelines for vulnerability assessments in healthcare environments.
Employment Rights Act 1996: Relevant for ensuring vulnerability assessments respect employee rights and privacy in the workplace.
Health and Safety at Work Act 1974: Ensures vulnerability assessments consider workplace safety implications and risk management.
PECR: Privacy and Electronic Communications Regulations governing electronic communications, relevant for vulnerability assessments of communication systems.
Human Rights Act 1998: Ensures vulnerability assessments respect fundamental human rights, particularly privacy rights.
EU GDPR: Relevant for organizations dealing with EU data subjects, setting requirements for vulnerability assessments affecting EU personal data.
