We are currently working with a global investment firm on an ISO 27001 implementation / certification project, but they are struggling to identify a single list for the purpose of compliance with A.15.1.1.
As they operate in many territories, it is difficult for them to identify a single list.
Have you a good idea how to solve this particular issue?
Answer:
First of all, if you have implemented ISO 27001:2005 in your business and have certified it, you need to adapt to the new version, ISO 27001:2013, as soon as possible, because theoretically 2015 is the last year for the adaptation; after this, ISO 27001:2005 will no longer be valid (you can always keep the old version implemented, but you cannot re-certify against it). And keep in mind that our documents are developed for the new version.
Anyway, control A.15.1.1 is control A.18.1.1 in the new standard. This article about international laws and regulations can help you: Laws and regulations on information security and business continuity: https://advisera.com/27001academy/knowledgebase/laws-regulations-information-security-business-continuity/
And remember that you can also use our templates Procedure_for_identification_of_Requirements and Appendix_List_of_Legal_Regulatory_Contractual_and_Other_Requirements (you can find them in the folder 02 Procedure for Identification of Requirements).
Jan 12, 2016