Expert Advice Community

identification of applicable legislation

Guest
Guest post Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

Hello, one of the controls that needs to be implemented is 15.1.1 'Identification of applicable legislation'. How can we implement this, and what kind of document (procedure) shall we have to define the applicable laws and regulations related to information security? Many thanks

Guest
Guest post Jan 12, 2016

Hello,

You should list your country's legislation and regulations that apply to your activity with regard to the ISO 27001 controls, namely: privacy, data retention, human resources, data protection, personal data, physical security, etc., and collect evidence of compliance with those requirements. We would suggest that you work with your company lawyer and request those applicable laws and regulations.

We would like to remind you that the control in the ISO 27001 2013 revision is no longer A.15.1.1 but A.18.1.1.
We can also suggest that you have a look at the following, where you can find an example of a procedure for identification of requirements:
https://advisera.com/27001academy/documentation/procedure-for-identification-of-requirements/

Hope it helps
Thanks
