Since the UK Government’s Cyber Security Strategy was published in November 2011, industries have a greater incentive to familiarise themselves with the existing legislation and adhere to those laws relevant to them. Laws such as the Data Protection Act (DPA), Freedom of Information Act, Privacy and Electronic Communications Regulations, exist in order to protect organisations’ information assets, as well as the well-being of their customers and stakeholders. Compliance to the international information security standard, ISO27001, ensures that companies comply with this legislation.
Companies are increasingly becoming subject to more legal and regulatory compliance requirements. Most organisations struggle to prove compliance against these laws and regulations, and have difficulty in keeping track of where their gaps lie, it is at this point that organisations often stick their heads in the ground and hope the problem won’t affect them.
There are over 70 information-related laws and statutes currently in force in the UK. Organisations need to know what laws they have to comply with and how to ensure compliance. IT and compliance managers face the task of becoming familiar with these laws, and identifying the ones they need to comply with.
Project managers responsible for implementing an ISO27001-compliant Information Security Management System (ISMS) know that there are five controls in ISO/IEC 27001 Annex A which impose specific requirements. According to these, organisations need to, first identify and, second stay up-to-date with statutory and regulatory requirements.
IT Governance consultants and experts have pooled their knowledge to provide a solution to this dilemma, and accordingly have a designed a product that can both enable an organisation to identify the relevant legislations, keep track of changes to compliance status and, ensure the organisation receives regular updates. The ISO27001 Compliance Database and Update Service is the only product on the market that holds a repository of all the 71 statutes and regulations relevant to ISO27001. The Compliance Database is regularly updated, and this helps customers ensure they are keeping abreast with key UK laws and regulations.
The ISO27001 Compliance Database and Update Service identifies the specific clauses within each legal instrument that organisations must comply with, providing best-practice guidance on how to comply with that clause. It also enables an ISMS project manager to select appropriate controls at the individual clause level.
Take a look at the database by watching this demonstration video on ITG’s Compliance Database and Update Service https://www.itgovernance.co.uk/products/3161