Get 4 FREE months of Conformio to implement ISO 27001

Expert Advice Community

Guest

Register of Requirements

  Quote
Guest
Guest user Created:   May 25, 2023 Last commented:   May 25, 2023

Register of Requirements

Underneath the register of requirements where I am asked if I am compliant with the Computer Misuse Act am I expected to have a policy or do I read and agree to the terms?

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal May 25, 2023

By checking that you are compliant with the Computer Misuse Act, you state that you have implemented all the controls defined as necessary to fulfill the Act’s requirements (secure computer material against unauthorized access or modification, and for connected purposes).

Considering that, you need to identify in the Statement of Applicability which controls are related to the Computer Misuse Act, and ensure they are implemented (these controls may refer to documents, facilities, and/or technologies).

For example, if controls related to this Act are controls A.5.15 - Access control, and A.7.1 – Physical security perimeters, then you need to ensure that they are implemented (e.g., by implementing an Access Control Policy, and by defining areas with different security levels, related to the sensitivity of the information kept on them).

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

May 25, 2023

May 25, 2023

Suggested Topics