How to create item 4 of ISO 27001
I am implementing ISO 27001 in the company I work for, but the spreadsheet created by the consultancy that serves us is based more on ISO 9001 than on ISO 27001. Is there another way to document this item, or would it be basically the same as for ISO 9001?
I understand that you are referring to the list of legal requirements for ISO 27001.
Considering that, although the type of information to be gathered to fulfill the requirements of section 4 (Organization Context) is basically the same for ISO 9001 and ISO 27001 (e.g., the requirement, the responsible person, the due date, etc.), so that a spreadsheet compliant with ISO 9001 would in this respect also comply with ISO 27001, the requirements for quality are very different from the requirements for information security.
For example, for ISO 27001 the requirement would be to comply with LGPD, whereas for ISO 9001 the requirement would be to comply with some manufacturing-related regulation. So it would be better to list the legal, regulatory, and contractual requirements in separate documents for ISO 27001 and for ISO 9001.
To see what a document that lists the legal requirements for ISO 27001 looks like, I suggest you take a look at the free demo of our List of Legal, Regulatory, Contractual and Other Requirements at this link: https://advisera.com/27001academy/documentation/list-of-legal-regulatory-contractual-and-other-requirements/
This article will provide you with a further explanation of the identification of requirements:
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/
Jul 09, 2020