The objective of adhering to Compliance is to avoid breaches related to legal, statutory, regulatory or contractual obligations related to information security or any security requirements. This module of ISO 27001 helps in identification of applicable legislation and contractual requirements for the organization.
How does being compliant helps the organization:
All relevant legislative statutory, regulatory, contractual requirements and the organization's approach to meet these requirements shall be explicitly identified, documented and kept up to date for each information system and the organization. Appropriate procedures shall be implemented to ensure compliance with legislative, regulatory and contractual requirements related to intellectual property rights and use of proprietary software products. The records & documents shall be protected from loss, destruction, falsification, unauthorized access and unauthorized release, in accordance with legislator, regulatory, contractual and business requirements.
Privacy and protection of personally identifiable information is ensured as required in relevant legislation and regulation. Cryptographic controls such as encryption, hashing, etc. shall be used in compliance with all relevant agreements, legislation and regulations.
The organization's approach to managing information security and its implementation (i.e. control objectives, controls, policies, pro- cesses and procedures for information security) shall be reviewed independently at planned intervals or when significant changes occur. Managers shall regularly review the compliance of information processing and procedures within their area of responsibility with the appropriate security policies, standards and any other security requirements. Information systems shall be regularly reviewed for compliance with the organization's information security policies and standards.
How would being compliant help the Employees of the organization:
Being compliant to regulatory policies would give an organization the peace of mind to engage their workforce on more productive & critical activities. So, adhering to compliance control category of ISO 27001 will give an organization additional confidence & competitive advantage in the market place.