SPRING DISCOUNT
Get 30% off on toolkits, course exams, and Conformio yearly plans.
Limited-time offer – ends April 25, 2024
Use promo code:
SPRING30

Expert Advice Community

Home / ISO 27001 & 22301 / Identifying legal requirements

Guest

Identifying legal requirements

ISO 27001 & 22301
  Quote
Guest
Guest user Created:   Feb 26, 2019 Last commented:   Feb 26, 2019

Identifying legal requirements

ISO 27001 & 22301
1. law scope- LEGISLATION AND REGULATION RECORD- What is the accurate scope and commitment of Advent One in the legal context domain?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.
Expert
Rhand Leal Feb 26, 2019

Some background info:
https://advisera.com/27001academy/knowledgebase/laws-regulations-information-security-business-continuity/

The concern on my managers is: Do we need to read all of these legislation , its huge list of laws? What exactly do wee need to do for passing the context of iso 27001 req.?

Answer: For fulfilling ISO 27001 clause 4 (context of the organization) you have to:
- identify relevant interested parties (e.g., shareholders, top management, employees, customers, etc.) and their requirements (e.g., business objectives, products or services specifications, clauses of laws, regulations and contracts your organization must follow, etc.) for information security.
- define the boundaries and applicability of the ISMS (i.e., the ISMS scope)

Your company must comply with all applicable laws and regulations anyway, so in any case responsible persons in your company need to read them - ISO 27 001 helps you focus on information security-related laws and regulations.

These articles will provide you more information:
- How to identify interested parties according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301//
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/

2. Just to copy paste the relevant laws for Australia from your website in the 'MSS_REC_4.2' relevant doc?

My managers needs extra clarification about how to pass this legal thing, thanks

Answer: Unfortunately, the list in the link you provided is not fully up-to-date because it depends on voluntary contributions from our readers – therefore, it is likely that not all regulations related to Australia are listed. To make sure you have the latest list of laws and regulations relevant to your business, it would be best to hire a local legal adviser.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Feb 26, 2019

Feb 26, 2019

Suggested Topics
Guest user Created:   Feb 14, 2017 ISO 27001 & 22301
Replies: 1
0 0

Identifying Legal Requirements
Guest user Created:   Jun 03, 2019 ISO 27001 & 22301
Replies: 1
0 0

Auditing BCP and DRP