Expert Advice Community

ISO 27001 Toolkit - Document 02.1

Guest user | Created: Feb 02, 2022 | Last commented: Feb 02, 2022

I hope you’re well and had a good weekend. Can you please advise if ISO 27001 requires me to list all UK GDPR requirements individually on the document ‘02.1_Appendix_1_List_of_Legal_Regulatory_Contractual_and_Other_Requirements_27001_EN’ provided in the 27001 toolkit? Would it be sufficient to merely list the requirement of ‘Adhere to all UK GDPR requirement as listed under Part 2, Chapter 2 of the UK Data Protection Act 2018’? I’m hoping I don’t need to effectively copy and paste a lot of sections of the UK GDPR but thought it best to check to ensure compliance with ISO 27001.

Expert
Rhand Leal Feb 02, 2022

An item in the List of requirements needs to be specified at a level where the person responsible for its fulfillment understands what needs to be done.

For example, for some persons you may need to specify only the name of the regulation (e.g., EU GDPR) or contract number, while for others you may need to be more specific, referring to specific clauses (like your example), or even writing them in the register.

This article will provide you with a further explanation about requirements:
