Expert Advice Community

Guest

Legal requirements

  Quote
Guest
Guest user Created:   Sep 02, 2017 Last commented:   Sep 02, 2017

Legal requirements

Which standards apply to the Legal functions as am about Auditing them. I know of Clause 4.1 on interested partiies and A18.1
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Sep 02, 2017
I assuming you are referring to clause 4.2 (determination of requirements of interested parties) instead of clause 4.1 (understanding the organization and its context). Considering that, besides this clause and section A.18.1 you mentioned, ISO 27001 refers to legal issues also in control A.8.2.1 (classification of information).
You should also consider clause 9.3 (management review), because it covers among other things interested parties feedback, changes in organizational context and the performance of security controls, as well as controls that regulate agreements, like A.7.1.2 (Terms and conditions of employment), A.13.1.2 (Security of network services), A.13.2.2 (Agreements on information transfer), A.13.2.4 (Confidentiality or nondisclosure agreements), and A.15.1.2 (Addressing security within supplier agreements).
This article will provide you further explanation about audit:
- How to make an Internal Audit checklist for ISO 27001 / ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
This material will also help you regarding audit:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Sep 02, 2017

Sep 02, 2017

Suggested Topics