Legal, regulatory, and contractual requirements
I was wondering if you had any specific tips on filling out the legal, regulatory, and contractual requirements as part of the Appendix? Would you recommend talking to each country’s office and each department as to which rules they have or merely searching online to see what there is?
We are not legal experts, so our recommended approach is indeed for organizations to hire local expert advice to identify the legal requirements that must be fulfilled to be compliant with ISO 27001 and the EU GDPR. An online search can help at the beginning of your work (for an overview), but local expert advice is highly recommended.
This article will provide you with a further explanation about the identification of requirements:
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/
Jul 03, 2020