Guest user Created: Aug 17, 2018 Last commented: Aug 17, 2018

Toolkit selection

I am currently in charge of establishing and implementing an ISO 27001 ISMS in my organization. Initially, the scope was for a process and facility in the US but this has been expanded to include two facilities in Europe (France and Belgium). The company is a French company and uses the EU GDPR regulation in Europe but also need to comply with the US legislator requirement.

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Aug 17, 2018

From your experience, what is the best way to approach this project? We are also looking at purchasing your tool kit and was wondering if we should purchase on the ISO 27001 toolkit or to buy the EU GDPR/ISO 27001 toolkit despite our certification requirement is for only ISO 27001 considering the price difference for future sake.

Answer:

The main question here is if the US facility has to handle EU citizen's data, or will handle it in the near future. If the US facility does not have access to EU citizen's data, and does not expect that for the near future, you can reduce its scope only to ISO 27001 and US legal requirements. Implementing integrated standards/regul ations is more complex, and you should avoid such implementations whenever possible.

Regarding the toolkits, I'd suggest you to buy the EU GDPR/ISO 27001 toolkit https://advisera.com/eugdpracademy/eu-gdpr-iso-27001-integrated-documentation-toolkit/, because this one has all documents you will need to fulfill both ISO 27001 and EU GDPR, and you can use only the ISO 27001 related documents to implement ISO 27001 in your US facility.

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Aug 17, 2018

Expert Advice Community