ISO27001 Compliance Database and Update Service (1 or 3 Year Licence)
ISO27001 requires you to develop your ISMS, taking ‘into account business and legal or regulatory requirements, and contractual security obligations’ (Clause 4.2.1 b. 2).
The only cost-effective way to meet this requirement is with the ITG ISO27001 Compliance Database and Update Service – which also helps you comply with five key Annex A controls.
Comply with Five Key ISO27001 Annex A Controls
Five controls in ISO/IEC 27001:2005 Annex A impose specific requirements for, first, identifying and, second, staying up to date with statutory and regulatory requirements:
A.15.1.1 Identification of applicable legislation
A.15.1.2 Intellectual Property Rights (IPR)
A.15.1.3 Protection of Organizational Records
A.15.1.4 Data protection and privacy of personal information
A.15.1.6 Regulation of Cryptographic Controls
Database of All Critical Statutory & Regulatory Documents
Find all the critical statutory and regulatory documents in one place - saving you the time, hassle and expense of trying to track them down and make sense of them all yourself. The easy-to-use ITG ISO27001 Compliance Database includes:
- All 33 UK statutes and regulations (including information security and IT-related, IPR and copyright, software protection, data protection, privacy and cryptographic controls) relevant to each of the Annex A controls above, together with links to directly relevant international regulations and frameworks (e.g. US Safe Harbor Provisions for Data Protection);
- Selection option to allow you to create your own bespoke legal register;
- Links to full-text versions of the relevant clauses of statutes and regulations;
- Links to best-practice and official compliance guidance wherever it exists;
- Option to comment on individual items to demonstrate compliance and create an audit trail;
- Identification of which controls in ISO27001 Annex A can be used to demonstrate compliance with each clause (or option to include alternative controls)
- Schedule of data retention requirements, by document type
Regular ISO27001 Compliance Database Updates
You also get up to 12 or 36 (depending on subscription period) updates for the database, enabling you to stay abreast of the changing regulatory environment. These updates (if there are no changes in a month, there will be no update) include information about:
- Changes to, or new, statutes and regulations, ensuring that your database is always up to date, together with implementation guidance and links to relevant ISO27001 Annex A controls;
- Changes in regulations, or enforcement regimes, that are relevant to the identified statutes and regulations.
Relevant Compliance Information
The ISO27001 Compliance Database and Update Service identifies the specific clauses, within each legal instrument, that you must comply with, provides best practice guidance on how to comply with that clause, and enables you to select appropriate controls - again, at the individual clause level. This is THE compliance service for the ISMS project manager and, where it is appropriate to take your own professional advice, this service will enable you to manage professional legal costs very effectively!
Easy-to-Deploy
The ISO27001 Compliance Database is in Microsoft Access 2010 format, which can be deployed directly onto a desktop or onto SharePoint Server. The licence for the ISO27001 Compliance Database covers one or multiple users within a single ISMS. The current version of this product is primarily suitable for organisations that are based in, or have to comply with the laws of, England and Wales.
Publisher: IT Governance Publishing
Format: MS Access 2007 SP2, MS Access 2010 (requires prior installation of MS Access)
Launch Date: 9 December 2010
Availability: Available for purchase
Early Adopter Pricing Applies through December 2010