ISO 27001: ISMS Certification Vs Legal Compliance

  • ISMS certification is a voluntary certification and not a substitute for compliance with legal requirements. Compliance with ISO 27001 does not in itself confer immunity from legal obligations.
  • The maintenance and evaluation of legal and regulatory compliance is the responsibility of the client organization.
  • The certification body shall restrict itself to checks and samples in order to establish confidence that the ISMS functions in this regard.
  • The certification body shall verify that the client organization has a management system to achieve legal and regulatory compliance applicable to the information security risks and impacts.