Skip to content
English
Contact
  • There are no suggestions because the search field is empty.

What does the 'Legal Obligations' field mean in the Asset Register?

When managing assets within the framework of an ISO 27001 compliant Information Security Management System (ISMS), understanding the legal obligations associated with each asset is crucial.

These obligations can influence how assets are handled, protected, and can also impact the selection of security controls applied to them. The “Legal Obligations” field in your Asset Register form plays a significant role in ensuring compliance with various laws and regulations.

What are Legal Obligations?

Legal obligations are the specific legal requirements that an organisation must adhere to in relation to the management and security of its assets. These may include, but are not limited to:

  • Data Protection Laws: For example, the General Data Protection Regulation (GDPR) in the EU imposes strict rules on data handling and grants significant rights to individuals regarding their personal data.

  • Intellectual Property Rights: This includes laws that protect products of the intellect from unauthorised use or reproduction.

  • Contractual Agreements: Contracts with clients or partners may include clauses related to the security of shared information assets.

  • Industry Regulations: Certain industries, like healthcare and finance, have additional regulatory requirements regarding the handling and protection of information.

  • Compliance Requirements: Such as Payment Card Industry Data Security Standard (PCI DSS) for payment card data, or HIPAA for health information in the US.

Identifying Legal Obligations

Depending on the Assets listed in your Register, the process of identifying legal obligations might involve:

  • Consultation with Legal Experts: Collaborating with legal counsel to understand applicable laws and regulations.

  • Consultation with Regulatory Bodies: Identify any regulatory bodies governing the use of the asset.

  • Review of Jurisdiction: Consider the legal jurisdiction in which the asset is held or used, especially for digital assets that may be accessible globally.

  • Review of Contractual Commitments: Examining contracts for clauses that impact asset security.

  • Industry Best Practices: Keeping abreast of regulatory changes and industry-specific compliance obligations.

  • Compliance Audits: Regularly auditing asset management practices to ensure legal compliance.

The Importance of Legal Obligations in Asset Management\

Managing legal obligations effectively:

  • Minimises Legal Risk: Ensuring assets comply with legal requirements reduces the risk of legal penalties.

  • Informs Security Measures: Understanding legal obligations can dictate the level and type of security controls needed.

  • Builds Trust: Demonstrates to stakeholders that the organisation takes compliance and information security seriously.

  • Supports Business Continuity: Helps prevent legal issues that could disrupt business operations.

It is a requirement of ISO 27001 that the Legal Obligations for an entity are documented in the ISMS. This requirement is met by documenting Legal Obligations in the Asset Register, and in the ISMS Manual in the de.iterate platform.