Register of Requirements
Underneath the register of requirements where I am asked if I am compliant with the Computer Misuse Act am I expected to have a policy or do I read and agree to the terms?
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
By checking that you are compliant with the Computer Misuse Act, you state that you have implemented all the controls defined as necessary to fulfill the Act’s requirements (secure computer material against unauthorized access or modification, and for connected purposes).
Considering that, you need to identify in the Statement of Applicability which controls are related to the Computer Misuse Act, and ensure they are implemented (these controls may refer to documents, facilities, and/or technologies).
For example, if controls related to this Act are controls A.5.15 - Access control, and A.7.1 – Physical security perimeters, then you need to ensure that they are implemented (e.g., by implementing an Access Control Policy, and by defining areas with different security levels, related to the sensitivity of the information kept on them).
Comment as guest or Sign in
May 25, 2023