The concern of my managers is: do we need to read all of this legislation, this huge list of laws? What exactly do we need to do to pass the context-of-the-organization requirement of ISO 27001?
Answer: For fulfilling ISO 27001 clause 4 (context of the organization) you have to:
- identify relevant interested parties (e.g., shareholders, top management, employees, customers, etc.) and their requirements (e.g., business objectives, products or services specifications, clauses of laws, regulations and contracts your organization must follow, etc.) for information security.
- define the boundaries and applicability of the ISMS (i.e., the ISMS scope).
Your company must comply with all applicable laws and regulations anyway, so in any case responsible persons in your company need to read them - ISO 27001 helps you focus on information security-related laws and regulations.
2. Should we just copy-paste the relevant laws for Australia from your website into the relevant 'MSS_REC_4.2' document?
My managers need extra clarification about how to pass this legal thing, thanks.
Answer: Unfortunately, the list in the link you provided is not fully up-to-date because it depends on voluntary contributions from our readers – therefore, it is likely that not all regulations related to Australia are listed. To make sure you have the latest list of laws and regulations relevant to your business, it would be best to hire a local legal adviser.