Companies implementing ISO 27001 will find that carrying out a risk assessment is quite often a complicated and lengthy process.
Before embarking on a risk assessment, it is necessary to establish the organisation’s baseline security controls according to the business, legal and regulatory requirements and contractual obligations that relate to information security. This follows from Clause 4 of ISO 27001:2013 (Context of the organization), which requires the needs and expectations of “interested parties” to be determined and taken into account when defining the scope of the ISMS. ‘Interested parties’ means clients, regulators and other stakeholders whose requirements bear on the protection of the information the organisation holds.
Ready to go through hundreds of clauses?
Establishing which laws pertain to information security and understanding which clauses are relevant to your specific business can be a tricky and time-consuming process.
That’s where the IT Legal Compliance Database comes in.
Prepopulated with over 90 laws and regulations pertaining to information security in England and Wales, the IT Legal Compliance Database provides up-to-date details of the specific acts and clauses that are relevant for ISO 27001 compliance, and cross-maps them to the relevant ISO 27001 controls.
You can view and select the clauses of each individual law to see the full implementation requirements, effective dates and the corresponding ISO 27001 controls. Controls for both ISO 27001:2013 and ISO 27001:2005 are included, enabling you to generate reports showing which controls have been implemented, which clauses have been selected, and who is responsible for each.
The IT Legal Compliance Database supports ISO 27001 compliance by helping organisations identify and meet the legal and regulatory requirements that their information security management must satisfy.
Watch this brief demonstration video to view all of the features of the IT Legal Compliance Database.
Remain compliant and in control of your ISO 27001 ISMS with the IT Legal Compliance Database.