7. Security measures guidelines
(1) The Minister may, for the purpose of providing practical guidance to providers, having consulted with the Commission and such other persons as he or she may consider appropriate -
(a) prepare and publish guidelines on the implementation of technical and organisational measures to manage the risks posed to the security of networks and services, and
(b) approve guidelines, or any part of guidelines, on the implementation of technical and organisational measures to manage the risks posed to the security of networks and services made or published by another person,
(each referred to in this Act as "security measures guidelines").
(2) Without prejudice to the generality of subsection (1), security measures guidelines may relate to any of the following:
(a) the risks posed to the security of networks and services;
(b) the types of measures considered appropriate for securing electronic communications networks and services;
(c) guidance on the implementation methods of specified measures;
(d) standards or technical specifications that may be considered appropriate for the implementation of specified measures;