Identification of legal requirements
Answer: This list is just a general reference, and your organization should seek expert support for identification of legal requirements relevant to your organization's industry (there may be more or fewer than those presented in the article).
2 - I know we also need to state our approach; is this simply by stating how we comply, e.g. storing all HR docs in a locked cupboard marked confidential and under access control?
Answer: This answer will depend on what each applicable piece of legislation requires. Some of them may require you to implement some kind of technology, present some specific records or reports, or implement policies. Again, you should seek expert support regarding each applicable piece of legislation to identify the approach required to fulfill it.
This article will provide you with further explanation of how to use ISO 27001 to comply with a legal requirement:
- How ISO 27001 can help suppliers comply with U.S. DFARS 7012 https://advisera.com/27001academy/blog/2017/04/24/how-iso-27001-can-help-suppliers-comply-with-usa-dfars-7012/
Aug 04, 2017