identification of applicable legislation
Hello,
You should list your country's legislation and regulations that apply to your activity with regard to the ISO 27001 controls, namely: privacy, data retention, human resources, data protection, personal data, physical security, etc., and collect evidence of compliance with those requirements. We would suggest that you work with your company lawyer and request those applicable laws and regulations.
We would like to remind you that the control in ISO 27001 revision 2013 is no longer A.15.1.1 but A.18.1.1.
We can also suggest that you have a look at the following, where you can find an example of a procedure for identification of requirements:
https://advisera.com/27001academy/documentation/procedure-for-identification-of-requirements/
Hope it helps
Thanks
Jan 12, 2016