Expert Advice Community


Application of control A.18.1.1

Guest user Created:   Apr 24, 2018 Last commented:   Apr 24, 2018

I am having some trouble with A.18.1.1. Do I need to explicitly identify every applicable requirement for every law and standard applicable to our company, such as all accounting and human resources (Federal, State and local), or should it be towards the services that we provide?

Expert
Rhand Leal Apr 24, 2018

The application of control A.18.1.1 (Identification of applicable legislation and contractual requirements) refers only to the identification of the legal requirements that can affect your information security - for example, requirements related to privacy regulation, regulation on e-commerce, etc.

If a law or contract applicable to your organization has no impact on the information protected by your ISMS scope, you do not need to document it for the purposes of information security management.

Regarding the services you provide, if they are not included in your ISMS scope, there is also no need to document them.
