Legal Requirements in ISO 27001

by Kim Graham

The ISO 27001:2013 standard states, "All relevant legislative, statutory, regulatory, contractual requirements and the organization's approach to meet these requirements shall be explicitly identified, documented and kept up to date for each information system and the organization."
It is important to note that ensuring compliance is no easy task, but failing to do so places you at risk of noncompliance not only with the ISO 27001:2013 standard, but also with any relevant legislative, statutory, regulatory, or contractual requirements.
This white paper will help you identify and differentiate between legal, regulatory, and contractual obligations as they relate to ISO 27001.