Identifying legal requirements
Some background info:
https://advisera.com/27001academy/knowledgebase/laws-regulations-information-security-business-continuity/
The concern of my managers is: Do we need to read all of this legislation, it's a huge list of laws? What exactly do we need to do for passing the context of ISO 27001 req.?
Answer: For fulfilling ISO 27001 clause 4 (context of the organization) you have to:
- identify relevant interested parties (e.g., shareholders, top management, employees, customers, etc.) and their requirements (e.g., business objectives, products or services specifications, clauses of laws, regulations and contracts your organization must follow, etc.) for information security.
- define the boundaries and applicability of the ISMS (i.e., the ISMS scope)
Your company must comply with all applicable laws and regulations anyway, so in any case responsible persons in your company need to read them - ISO 27001 helps you focus on information security-related laws and regulations.
These articles will provide you more information:
- How to identify interested parties according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301//
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/
- How to define the ISMS scope https://advisera.com/27001academy/knowledgebase/how-to-define-the-isms-scope/
- Problems with defining the scope in ISO 27001 https://advisera.com/27001academy/blog/2010/06/29/problems-with-defining-the-scope-in-iso-27001/
2. Just to copy paste the relevant laws for Australia from your website in the 'MSS_REC_4.2' relevant doc?
My managers need extra clarification about how to pass this legal thing, thanks
Answer: Unfortunately, the list in the link you provided is not fully up-to-date because it depends on voluntary contributions from our readers – therefore, it is likely that not all regulations related to Australia are listed. To make sure you have the latest list of laws and regulations relevant to your business, it would be best to hire a local legal adviser.
Feb 26, 2019