An Introduction To
Compliance with legal requirements

Objective: To avoid breaches of any law, statutory, regulatory or contractual obligations and of any security requirements. The design, operation, use and management of information systems may be subject to statutory, regulatory and contractual security requirements.

Identification of applicable legislation
All relevant statutory, regulatory and contractual requirements should be explicitly defined and documented.

Intellectual property rights (IPR)
Appropriate controls should be implemented to ensure compliance with relevant legal requirements for the use of copyrighted or trademarked material.

Protection of organisational records
Important records of an organisation should be protected from loss, destruction and falsification.

Data protection and privacy of personal information
Applications handling personal data should comply with the relevant data protection legislation and principles.

Prevention of misuse of information processing facilities
Information processing facilities should only be used for authorised business purposes.

Regulation of cryptographic controls
Legislation regarding cryptography in all countries where organisational data or information processing facilities may reside must be understood and obeyed.
The Security Practitioner An Introduction to Information Security