CHAPTER 1: INTRODUCTION

A key challenge for every IT management team is to ensure that the organization does not breach any criminal or civil law, any statutory, regulatory or contractual obligation, or any of its own security requirements.

Control A.15.1.1 of ISO/IEC 27001:2005 provides guidance that is relevant to the IT governance of every organization. It says that the organization should explicitly define and document the statutory, regulatory and contractual requirements for each of its information systems, and that this documentation should be kept up-to-date to reflect any relevant changes in the legal environment.

The specific controls and individual responsibilities to meet these requirements should be similarly documented and ...

Excerpt from IT Regulatory Compliance in the UK (O'Reilly learning platform).