Welcome to Scribd!

ISO/IEC 27001:2013 Information Security Management Systems - Compliance With Legal and Contractual Requirements

Uploaded by

jcbr1999

0% found this document useful (0 votes)

43 views5 pages

The document discusses ISO/IEC 27001:2013 controls for ensuring compliance with legal and contractual requirements regarding information security. It outlines five key controls: 1) Identifying applicable legislation and contractual requirements. 2) Ensuring compliance with intellectual property rights. 3) Protecting records according to legal requirements. 4) Protecting privacy and personally identifiable information. 5) Ensuring cryptographic controls comply with relevant laws and regulations. The controls are aimed at maintaining compliance with changing laws across different countries of operation.

Original Description:

Original Title

1.1 Compliance

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

43 views5 pages

ISO/IEC 27001:2013 Information Security Management Systems - Compliance With Legal and Contractual Requirements

Uploaded by

jcbr1999

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 5

Search inside document

ISO/IEC 27001:2013 Information security management systems

-Compliance with legal and contractual requirements-

Security category – 18.1. Compliance with legal and contractual requirements

Control – 18.1.1. Identification of applicable legislation and contractual

requirements
Identify, document and keep up to date all legal, regulatory and contractual
requirements applicable to each information system of the organization.

Identification of legislation and contractual requirements – including a short

description of the organization’s approach to fulfill the requirement.

More difficult in case of organizations that operate in several countries.

Legal and contractual requirements change – so they need to be updated.

ISO/IEC 27001:2013 Information security management systems
-Compliance with legal and contractual requirements-

Control – 18.1.2. Intellectual property rights

There should be procedures to ensure compliance with requirements related to
intellectual property rights and use of proprietary software.

The risk is for legal action against the organization for unauthorized use of
copyright material.

The organization should implement rules on the use of intellectual property.

Guidelines:
- software should be acquired only from known sources;
- awareness of personnel on intellectual property rights and using the disciplinary
process in case of breaches;
- make inventory checks at least once per year to ensure all software in use is licensed;
- keep proof and evidence of ownership for all software;
- have regulations for disposing of software or transfer of software to others.
ISO/IEC 27001:2013 Information security management systems
-Compliance with legal and contractual requirements-

Control – 18.1.3. Protection of records

The organization should protect records according to legislation, regulatory,
contractual and business requirements.

Records have to be protected from breach of confidentiality, from loss or

modification.

There is legislation defining retention periods for many types of records and
the organization is required to comply.

When keeping records for long periods consideration should be given to the
risk of deterioration.
ISO/IEC 27001:2013 Information security management systems
-Compliance with legal and contractual requirements-

Control – 18.1.4. Privacy and protection of personally identifiable information

The organization needs to protect the privacy of personally identifiable
information in line with applicable legal requirements.

Most countries have legislation on the protection of personally identifiable

information.

The organization should have a policy to ensure the compliance with relevant
legislation related to privacy and personally identifiable information.

A solution is to nominate a “Privacy officer”.

ISO/IEC 27001:2013 Information security management systems
-Compliance with legal and contractual requirements-

Control – 18.1.5. Regulation on cryptographic controls

The use of cryptography should respect legislation, regulations and relevant
agreements.

Legislation on the use of digital signatures and other uses of cryptography.

Some countries prohibit the export of cryptography software, some restrict

the import of such software; some legislations require licensing for the use of
cryptography software.

Look for legal advice to make sure it complies with specific legislation on all
the markets where it activates.

Workplace Mental Health Policy
Document4 pages
Workplace Mental Health Policy
Nolen Endaya
100% (2)
Collection Notes by Clang
Document19 pages
Collection Notes by Clang
Quevyn Kohl Surban
No ratings yet
ISO 270012013 A18nbspCompliance
Document12 pages
ISO 270012013 A18nbspCompliance
fitriah adjis
No ratings yet
Complaince
Document3 pages
Complaince
Taimoor Hasan
No ratings yet
Basic Concepts in Legal, Regulations, Investigations, and Compliance
Document22 pages
Basic Concepts in Legal, Regulations, Investigations, and Compliance
Anonymous 97dbabE5
No ratings yet
PDF 20230228 091332 0000
Document19 pages
PDF 20230228 091332 0000
Isabel Musara
No ratings yet
Legislative Provision. Part 2.
Document17 pages
Legislative Provision. Part 2.
Mi Kim
No ratings yet
Unit-2 Info Secu
Document11 pages
Unit-2 Info Secu
workwithasr04
No ratings yet
Đại Học Fpt Cần Thơ
Document26 pages
Đại Học Fpt Cần Thơ
benkazan 3
No ratings yet
PPT Ch03-Amr PDF
Document56 pages
PPT Ch03-Amr PDF
Charlito Mikolli
No ratings yet
Control No. Control Description Check For
Document2 pages
Control No. Control Description Check For
Abhishek Lavre
No ratings yet
Legal Framework and Analysis
Document8 pages
Legal Framework and Analysis
siddharth singh
No ratings yet
Lect 03
Document14 pages
Lect 03
Nguyen Quoc Khai
No ratings yet
14 Domains of ISO 27001: Cybersecurity Career Launcher
Document9 pages
14 Domains of ISO 27001: Cybersecurity Career Launcher
Rohan
No ratings yet
Chapter 3 - Legal, Ethical, and Professional Issues in Information Security
Document7 pages
Chapter 3 - Legal, Ethical, and Professional Issues in Information Security
Ashura Osip
No ratings yet
Ethics and Information Systems' Security: Glenn A. Asuncion
Document29 pages
Ethics and Information Systems' Security: Glenn A. Asuncion
Glenn A. Asuncion
No ratings yet
GDPR Compliance Checklist
Document6 pages
GDPR Compliance Checklist
Zeeshan Rana
No ratings yet
Compliance and Regulations - GRC
Document2 pages
Compliance and Regulations - GRC
Vaishnavi Nimkar
No ratings yet
Legal, Ethical and Professional Issues in Information Security
Document10 pages
Legal, Ethical and Professional Issues in Information Security
Dyna Mallares
No ratings yet
Chapter 04
Document60 pages
Chapter 04
nikoladjonaj
No ratings yet
GDPR - General Data Protection Regulation: EUROLAB "Cook Book" - Doc No. 22
Document6 pages
GDPR - General Data Protection Regulation: EUROLAB "Cook Book" - Doc No. 22
eko handoyo
No ratings yet
1
Document12 pages
1
Wasimuddin
No ratings yet
Isc2 Cissp 1 6 1 Spotlight On The GDPR
Document6 pages
Isc2 Cissp 1 6 1 Spotlight On The GDPR
trojanbaya
No ratings yet
Lecture 3 Legal Ethical and Professional Issues
Document26 pages
Lecture 3 Legal Ethical and Professional Issues
jack
No ratings yet
Thwarting Attackers Defending Against Growing Security Sophistication While Managing Complexity
Document18 pages
Thwarting Attackers Defending Against Growing Security Sophistication While Managing Complexity
ducuh
No ratings yet
India: An Up-Date On Data Protection Legislation Tejas Karia
Document21 pages
India: An Up-Date On Data Protection Legislation Tejas Karia
Asmita Hossain
No ratings yet
GDPR Requirements and Netwrix Functionality Mapping
Document32 pages
GDPR Requirements and Netwrix Functionality Mapping
Cleilson de Sousa Pereira
No ratings yet
Can Employers Monitor Their Employees2019 Emails? :: Laurence Kaye
Document4 pages
Can Employers Monitor Their Employees2019 Emails? :: Laurence Kaye
Minh
No ratings yet
Data Protection - Implementation & Compliance of Law
Document5 pages
Data Protection - Implementation & Compliance of Law
rohit
No ratings yet
Data Security Standards
Document6 pages
Data Security Standards
Hisham Hish
No ratings yet
General Data Protection Regulation (GDPR) Complaince: Principles
Document3 pages
General Data Protection Regulation (GDPR) Complaince: Principles
Alen Augustine
No ratings yet
Lecture 03 - Legal, Ethical & Professional-1
Document68 pages
Lecture 03 - Legal, Ethical & Professional-1
Umair Amjad
No ratings yet
A Risk Manager's Guide To The General Data Protection Regulation - BitSight
Document10 pages
A Risk Manager's Guide To The General Data Protection Regulation - BitSight
Vullnet Kabashi
No ratings yet
Information Security: What Is The Purpose of An Information Security Policy?
Document14 pages
Information Security: What Is The Purpose of An Information Security Policy?
English words BY Utkarsh johri
No ratings yet
Perspectives M N Zaki - Personal Data Protection
Document3 pages
Perspectives M N Zaki - Personal Data Protection
M N ZAKI
No ratings yet
Lect 5
Document26 pages
Lect 5
Misbah Irum
No ratings yet
03.2 Audit Legal Compliance Vs ISO 27001
Document3 pages
03.2 Audit Legal Compliance Vs ISO 27001
digi deva
No ratings yet
PDPA Code of Practice - Communications Sector - Final Version 23-Nov-2017
Document54 pages
PDPA Code of Practice - Communications Sector - Final Version 23-Nov-2017
Abdulhadi Wahid
No ratings yet
Cyber 4.3 Presantation
Document14 pages
Cyber 4.3 Presantation
Emma mutaurwa
No ratings yet
Legal Ethical Professionalin Is
Document39 pages
Legal Ethical Professionalin Is
Shruthi
No ratings yet
Lecture 03 - Legal, Ethical & Professional-3
Document69 pages
Lecture 03 - Legal, Ethical & Professional-3
snyderlola0
No ratings yet
Strategic Considerations For Data Privacy Compliance in Litigation - FRA
Document4 pages
Strategic Considerations For Data Privacy Compliance in Litigation - FRA
nandanabhishek1
No ratings yet
0
Document3 pages
0
Gauri Rajput
No ratings yet
Information Security Standards-IsO Unit 5
Document10 pages
Information Security Standards-IsO Unit 5
Adesh Kumar chaturvedi
No ratings yet
Existing Laws Comparison
Document9 pages
Existing Laws Comparison
adhityan0005
No ratings yet
Day 1 - Data Protection Training
Document74 pages
Day 1 - Data Protection Training
Leary John Tambagahan
No ratings yet
Security Regulations - Albany Users Group 2018-07-28 - Final
Document45 pages
Security Regulations - Albany Users Group 2018-07-28 - Final
walter.martinez.oyarce
No ratings yet
CSX2018 - GDPR 3rd Party
Document88 pages
CSX2018 - GDPR 3rd Party
Marco Ermini
No ratings yet
What Happens When A Company Does Not Meet GDPR Requirements
Document7 pages
What Happens When A Company Does Not Meet GDPR Requirements
ranjith123
No ratings yet
Nymity - Privacy Project To Privacy Program PDF
Document28 pages
Nymity - Privacy Project To Privacy Program PDF
raghukulkarni2005
No ratings yet
GDPR Requirements and Netwrix Functionality Mapping
Document32 pages
GDPR Requirements and Netwrix Functionality Mapping
medo hosny
No ratings yet
PART IV - Regulation and Enforcement
Document11 pages
PART IV - Regulation and Enforcement
chandra mohan
No ratings yet
Information Governance Services Information Governance Support
Document20 pages
Information Governance Services Information Governance Support
gschandel3356
No ratings yet
Activemind - Legal Template Data Protection Policy - Version 2 1 - 2019 09 02
Document3 pages
Activemind - Legal Template Data Protection Policy - Version 2 1 - 2019 09 02
adiosadios14
No ratings yet
IP Considerations in The Outsourcing Business
Document17 pages
IP Considerations in The Outsourcing Business
LawQuest
No ratings yet
Legal, Ethical & Professional Issues in Information Security
Document33 pages
Legal, Ethical & Professional Issues in Information Security
Em Tadeo
No ratings yet
DIGITAL BUSINESS ECOSYSTEM - Experiential Learning - Analyzing The Digital Protection Bill - Arshmeen Kaur (16.03.24)
Document2 pages
DIGITAL BUSINESS ECOSYSTEM - Experiential Learning - Analyzing The Digital Protection Bill - Arshmeen Kaur (16.03.24)
arshmeen.kaur2027
No ratings yet
News Article - Company Compliance With The Data Privay Act
Document3 pages
News Article - Company Compliance With The Data Privay Act
Gabriel Lajara
No ratings yet
ISO/IEC 27001:2013: Spring 2019, MAJU Nauman H. Ansari
Document20 pages
ISO/IEC 27001:2013: Spring 2019, MAJU Nauman H. Ansari
Saddam Ranjhani
No ratings yet
Project PortfolioICTICT618 Project Portfolio
Document11 pages
Project PortfolioICTICT618 Project Portfolio
Nilesh Prasad
No ratings yet
Liabilities of Companies
Document2 pages
Liabilities of Companies
Shalu Thakur
No ratings yet
EU General Data Protection Regulation (GDPR) - An Implementation and Compliance Guide
From Everand
EU General Data Protection Regulation (GDPR) - An Implementation and Compliance Guide
ITGP Privacy Team
No ratings yet
UNDP-NP-ESP-ECN DC-Config-Ops-20120319-ver1-en
Document108 pages
UNDP-NP-ESP-ECN DC-Config-Ops-20120319-ver1-en
jcbr1999
No ratings yet
2.1 User Access
Document6 pages
2.1 User Access
jcbr1999
No ratings yet
Records Management, Retention and Disposal Policy and Procedure
Document19 pages
Records Management, Retention and Disposal Policy and Procedure
jcbr1999
No ratings yet
Practical Implementation of Software Asset Management (SAM) '
Document25 pages
Practical Implementation of Software Asset Management (SAM) '
jcbr1999
No ratings yet
Resume Spark
Document4 pages
Resume Spark
leninbabus
No ratings yet
CHF Impact Assessment Somali Region
Document58 pages
CHF Impact Assessment Somali Region
Yousuf I
No ratings yet
Design Methods For Clay and Concrete Block Paving
Document24 pages
Design Methods For Clay and Concrete Block Paving
Arunashish Mazumdar
No ratings yet
Sumit Bhardwaj: Address: H.no. 215 A Nirman Nagar, Jaipur Rajasthan Tel: (M) : 9909744946
Document6 pages
Sumit Bhardwaj: Address: H.no. 215 A Nirman Nagar, Jaipur Rajasthan Tel: (M) : 9909744946
Mohit chawla
No ratings yet
Quiz 1 Repaired
Document6 pages
Quiz 1 Repaired
Tran Pham Quoc Thuy
No ratings yet
Bhushan Steel Limited Shahibabad Ghaziabad Up-201005: A Report of Summer Training On
Document54 pages
Bhushan Steel Limited Shahibabad Ghaziabad Up-201005: A Report of Summer Training On
sandeep
No ratings yet
Lecture 11 Decanters
Document10 pages
Lecture 11 Decanters
febrian
No ratings yet
Iqta'
Document3 pages
Iqta'
ZABED AKHTAR
No ratings yet
Week 1 Tutorial Problems
Document7 pages
Week 1 Tutorial Problems
WOP INVEST
No ratings yet
Ciff A
Document15 pages
Ciff A
jashpreet
No ratings yet
JSF Tutorial
Document346 pages
JSF Tutorial
Marwa Ghoz
No ratings yet
NSE4 - FGT-6.0.prepaway - Premium.exam.125q: Number: NSE4 - FGT-6.0 Passing Score: 800 Time Limit: 120 Min File Version: 2.2
Document52 pages
NSE4 - FGT-6.0.prepaway - Premium.exam.125q: Number: NSE4 - FGT-6.0 Passing Score: 800 Time Limit: 120 Min File Version: 2.2
Bryan Nepomuceno
No ratings yet
Historien Om Duck
Document123 pages
Historien Om Duck
Rasmus
No ratings yet
Ticketmaster Member Services - Print Receipt
Document1 page
Ticketmaster Member Services - Print Receipt
8768263
No ratings yet
Bag Filters: Amerseal Cube Filters Dripak Dripak 2000
Document4 pages
Bag Filters: Amerseal Cube Filters Dripak Dripak 2000
Bayu Samudra
No ratings yet
AgaSlots SAS
Document3 pages
AgaSlots SAS
Manolo Gonzalez
No ratings yet
Readme
Document3 pages
Readme
Jerico Merciales Salas
No ratings yet
Hot-Dip Coated Steel Sheet With High Corrosion Resistance, ECOGAL-Neo
Document4 pages
Hot-Dip Coated Steel Sheet With High Corrosion Resistance, ECOGAL-Neo
KYAW SOE
No ratings yet
MDF Declaration Verification Affidavit
Document3 pages
MDF Declaration Verification Affidavit
carlamachadoclemente
No ratings yet
Powerpoint Presentation Dissertation Defense
Document4 pages
Powerpoint Presentation Dissertation Defense
IDon'TWantToWriteMyPaperNorthLasVegas
100% (1)
Prestressed Transfer Plate Design and Construction
Document16 pages
Prestressed Transfer Plate Design and Construction
a96lhf
0% (1)
Acr Artroza
Document14 pages
Acr Artroza
codruta soare
No ratings yet
Passenger Ship Familiarisation
Document130 pages
Passenger Ship Familiarisation
Chalet Balnear Goa
No ratings yet
Autoscore A4 Premium Report VIN LVHRS1858N5008079 SerialNumber 11080823031
Document18 pages
Autoscore A4 Premium Report VIN LVHRS1858N5008079 SerialNumber 11080823031
KATEEM HOZAIN
No ratings yet
Woods CAN - DMS - 141680031 - v1 - 2021 09 27 Notice of Appeal
Document7 pages
Woods CAN - DMS - 141680031 - v1 - 2021 09 27 Notice of Appeal
Howard Knopf
No ratings yet
Memorial
Document13 pages
Memorial
Sakshi Malik
No ratings yet
Beam Profiler Measurement
Document44 pages
Beam Profiler Measurement
adarshchouhan47
No ratings yet
Manta Aislante Thermalceramics
Document2 pages
Manta Aislante Thermalceramics
jast111
No ratings yet