7 days ago

Legal, Regulatory and Contractual Controls in ISO 27001

In this episode of InfoSec Insider, Mark O’Kane, Consultant at URM, offers his insights into the legal, regulatory and contractual-related controls (A.5.31-37) from Annex A of ISO 27001:2022 and how they can be effectively implemented by organisations. Mark draws upon his extensive experience assisting organisations to certify against the Standard to discuss:

  • The requirements of the legal, regulatory and contractual controls and how they fit into the overall aim of the ‘Organisational’ control theme
  • How the legal controls help to prevent breaches of legal, statutory, regulatory or contractual obligations related to information security
  • How to put controls A.5.31-37 into practice.

Learn more about this topic: https://www.urmconsulting.com/blog/iso-27001-2022-a-5-organisational-controls-legal-regulatory-and-contractual

If you enjoyed this episode of InfoSec Insider, you can leave us a rating and review here: https://ratethispodcast.com/infosecinsider

You can find more episodes of InfoSec Insider here: https://urmconsulting.com/podcasts

Brought to you by URM, the UK’s leading information and cyber security specialists.


Copyright 2024 URM Consulting. All rights reserved.
