Audit and Assurance

ISO Legal and Regulatory Obligations

  • 1.  ISO Legal and Regulatory Obligations

    Posted 03 Sep, 2019 10:57
    Hello Everyone,

    We're a legal entity and in the process of working to get our organization ISO 27001 certified. One of the ISO standards that we need to meet is Legal and Regulatory obligations. I don't believe there are many US regulations that would pertain to law firms, other than the Bar Association.

    Any input regarding US regulations for law firms would be appreciated.

    Thank You

    Mansour Alsayidi
    Information Security And Application Support Manager, CISM

  • 2.  RE: ISO Legal and Regulatory Obligations

    Posted 09 Sep, 2019 13:45

    @Mansour Alsayidi,

    This objective relates to avoiding breaches of legal, statutory, regulatory or contractual obligations related to information security and the security of data, so consider data protection laws, privacy laws, PCI DSS, etc.

    Best Regards,


    Ian Cooke
    Audit & Assurance Topic Leader
    ISACA Journal Columnist