Framework Alignment

Frameworks

Meet regulatory expectations and best practice

ACE is informed by recognised cyber security frameworks, Australian regulatory expectations, and industry best practice relevant to businesses and supply chains.

This includes frameworks and standards such as ISO/IEC 27001:2022, the ASD Essential Eight (E8), the Information Security Manual (ISM), the Protective Security Policy Framework (PSPF), the NIST Cybersecurity Framework 2.0, and SMB1001.


It also includes Australian regulatory expectations such as the Privacy Act 1988 (Cth) and the Notifiable Data Breaches (NDB) scheme, the Security of Critical Infrastructure Act 2018 (Cth) (SOCI Act), APRA Prudential Standard CPS 234 Information Security, APRA Prudential Standard CPS 230 Operational Risk Management, and ASIC expectations on cyber resilience and governance.

ACE also supports the governance expectations of the Australian Institute of Company Directors (AICD) Cyber Security Governance Principles.

Recognise existing frameworks

If your organisation has already done work against any of these frameworks or regulatory obligations, and can demonstrate that work through evidence, ACE is designed to recognise it. The goal is to build on what you have already done, not ask you to start again.
