Identification of Requirements - level of detail?
From my point of view, in your list of interested parties it is sufficient to include the general principles. Anyway, for ISO 27001 it is important that your company complies with all laws and legal regulations, but the level of detail is not established in the standard. For the level of detail that you need to go into, you will need information about each specific law in your country. For example, for personal data protection, in some countries you need to identify all personal data, the level of protection for each item of personal data, and implement the necessary measures, which are usually defined in the law itself.
So, my recommendation is that after the identification of all legal requirements, you need to find information in your country about each law to know specifically what the requirements are (this information about the details of each law must be public).
Remember that you can find here a list of laws and regulations on information security and business continuity, "Laws and regulations on information security and business continuity": https://advisera.com/27001academy/knowledgebase/laws-regulations-information-security-business-continuity/
Finally, have you seen this interesting article about the identification of interested parties, "How to identify interested parties according to ISO 27001 and ISO 22301"? https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301//
Jan 12, 2016