Expert Advice Community

Guest user, created: Dec 07, 2017, last commented: Dec 07, 2017

Legal requirements

For the “control objective A.18 – Compliance with legal and contractual requirements” – does this need to include other legal requirements, or is it just those relating to information security? For example, should the legal register hold reference to the Companies Act and other financial regulations, as these are not specifically related to information security?

Expert
Rhand Leal Dec 07, 2017

Answer: To meet this control objective, you must include not only legal requirements that are specifically related to information security, but also those that may affect, or be affected by, the compromise of information that the Information Security Management System is intended to protect. For example, service level agreements for a delivery service may be affected if the information delivery address is compromised.

This article will provide you further explanation about requirements identification:
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/

These materials will also help you regarding requirements identification:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
