ISO 27001 5.31 Legal, Statutory, Regulatory and Contractual Requirements Requirement:
"Legal, statutory, regulatory and contractual requirements relevant to information security and the organization’s approach to meet these requirements shall be identified, documented and kept up to date."[1]
ISO 27001 5.31 Legal, Statutory, Regulatory and Contractual Requirements Requirement Explanation:
Organizations often have regulatory cybersecurity obligations. For example, health care providers are subject to HIPAA, payment processors to PCI DSS, and suppliers to the U.S. Department of Defense to NIST SP 800-171. The organization needs to identify and document its compliance requirements, including contractual ones, and keep that record current as the applicable laws, regulations and contracts change.
References: