Guest
ISO 27001 Toolkit - Document 02.1
I hope you’re well and had a good weekend.
Can you please advise if ISO 27001 requires me to list all UK GDPR requirements individually on the document ‘02.1_Appendix_1_List_of_Legal_Regulatory_Contractual_and_Other_Requirements_27001_EN’ provided in the 27001 toolkit?
Would it be sufficient to merely list the requirement of ‘Adhere to all UK GDPR requirements as listed under Part 2, Chapter 2 of the UK Data Protection Act 2018’?
I’m hoping I don’t need to effectively copy and paste a lot of sections of the UK GDPR but thought it best to check to ensure compliance with ISO 27001.
Expert
Rhand Leal
Feb 02, 2022
An item in the List of requirements needs to be specified at a level where the person responsible for its fulfillment understands what needs to be done.
For example, for some people you may need to specify only the name of the regulation (e.g., EU GDPR) or the contract number, while for others you may need to be more specific, referring to specific clauses (like in your example), or even writing them out in the register.
This article will provide you with a further explanation about requirements:
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/