RSA responds to increasing A/NZ regulations with new updates

RSA, a cybersecurity company specialising in integrated risk management, has released new updates to its RSA Archer Suite offerings to meet changing regulatory demands of Australia and New Zealand.

The new data protection and privacy management capabilities will help businesses in the A/NZ region better comply with data protection and privacy regulations, according to the company.

RSA states that around the world regulators are enforcing more rules around how organisations use, manage and protect personal information.

This includes, for example, the introduction of the General Data Protection Regulation (GDPR), and locally the Notifiable Data Breaches scheme (NDB).

These changes can be seen in the recent updates to the Australian Privacy Act, the Australian Prudential Standard CPS 234 on Information Security, and the New Zealand Privacy Act.

Following these compliance changes, RSA has extended the RSA Archer Suite to include new regulatory content as well as enhanced Privacy Management use cases, to assist local customers with their Privacy and Regulatory Compliance practices.

The RSA Archer Suite is designed to help organisations manage multiple aspects of business risk using an integrated risk management platform, and solutions built on industry standards and best practices.

RSA director of integrated risk management (APJ) Sam O'Brien says, “Our local customers are coming up against new regulations and standards to help keep data secure. It's elevating risk, security and compliance issues to the attention of the c-suite more than ever before.

“But risk is multifaceted. Operational risks, compliance risks, cyber risks and third-party risks all overlap. That's why it's essential to look at a unified, phased approach to integrated risk management, especially if a business is trying to protect data at scale.”

The RSA Archer Authoritative Source library has been extended to include:

Australian Privacy Act Authoritative Source

  • The Privacy Act 1988 (Privacy Act) is an Australian law which regulates the handling of personal information about individuals. Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable.
  • The Australian Privacy Act Authoritative Source is available with the use of the RSA Archer Policy Program Management, RSA Archer Controls Monitoring Program Management, and/or RSA Archer Authorization and Assessment use cases. No additional license is required.

Australian Prudential Standard CPS 234 on Information Security Authoritative Source

  • The Australian Prudential Standard CPS 234 on Information Security aims to ensure that an APRA-regulated entity takes measures to be resilient against information security incidents (including cyberattacks) by maintaining an information security capability commensurate with information security vulnerabilities and threats.
  • The Australian Prudential Standard CPS 234 Authoritative Source is available with the use of the RSA Archer Policy Program Management, RSA Archer Controls Monitoring Program Management, and/or RSA Archer Authorization and Assessment use cases. No additional license is required.

New Zealand Privacy Act Authoritative Source

  • The New Zealand Privacy Act 1993 promotes and protects individual privacy in general accordance with the Recommendation of the Council of the Organisation for Economic Co-operation and Development Concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data.
  • The New Zealand Privacy Act Authoritative Source is available with the use of the RSA Archer Policy Program Management, RSA Archer Controls Monitoring Program Management, and/or RSA Archer Authorization and Assessment use cases. No additional license is required.

This is in addition to recent updates to RSA Archer Regulatory Compliance use cases including:

  • The RSA Archer Data Governance use case, designed to assist organisations in documenting data governance requirements to improve support for data-centric regulations, such as HIPAA, GLBA and GDPR.
  • The RSA Archer Privacy Program Management use case, designed to enable organisations to manage privacy programs and align processes with regulations, including privacy assessments and regulatory case tracking.
  • The RSA Archer Cyber Incident and Breach Response use case, designed to align security to business risk, providing a measure of control efficacy and centralising the process for responding to business-impacting security incidents.