Information Security Legislation

InfoSec Legislation supports organisation’s throughout the UK by identifying information security legislation that is applicable to their core activities and creating bespoke legal and other requirements registers. Our service has been developed to assist organisation’s to satisfy the compliance requirements contained in ISO27001, the information security management system standard. Our service will also satisfy the compliance requirements of ISO22301, the business continuity management system standard.

Subscription to InfoSec Legislation provides organisations with the ability to:

Identify the compliance obligations that are relevant to their business
Access relevant information security legislation
Document how these compliance obligations apply to their business
Demonstrate how they keep up to date with changes to these compliance obligations
Record documented information as evidence of ongoing compliance evaluations
Record identified information security risks and opportunities associated with their compliance obligations
Maintain knowledge and understanding of their compliance status
Link compliance obligations to relevant information security objectives

All of which are required elements of an effective information security management system, satisfying the compliance requirements of ISO27001

Our information security legal and other requirements register includes:

The ability to create bespoke legal registers containing the identified legislation that is relevant to your organisation’s activities
Plain English summaries for all relevant legislation
Regular legal content updates including new and amended legislation, which is automatically updated to your legal register
A quarterly newsletter, emailed to nominated personnel and containing information on new and amended legislation, together with related information security news, guidance, prosecutions and commentary
The ability to document compliance comments against individual pieces of legislation and upload related documents, creating an audit trail for the evaluation of legal compliance
The ability to add non-statutory compliance obligations to your legal and other requirements register
Support for legal compliance and / or technical enquiries

Subscription to InfoSec Legislation will provide your organisation with the following:

The Information Security legal and other requirements register itself - the structure and content of which is outlined below
What’s new in your register - providing you with a list of relevant changes to identified information security legislation on a quarterly basis
Ongoing information security compliance evaluations - as detailed on the Legislative Compliance tab
Quarterly newsletters – sent directly nominated personnel
Useful information security resources
An overview of associated information security consultancy services

The information security legal and other requirements register includes Acts and Regulations covering UK and European Law. In total, the register identifies and documents over two hundred individual pieces of information security legislation. The content of your legal register is structured under relevant chapter headings, together with examples of information security legislation that is relevant for each chapter.

Data Protection

The Data Protection Act 2018
The European General Data Protection (GDPR) Regulations 2016
The Computer Misuse Act 1990
The Freedom of Information Act 2000

Corporate

The Companies Act 2006
The Bribery Act 2010
The Fraud Act 2006

Intellectual Property

The Copyright Act 1956
The Copyright, Design & Patents Act 1988
The Intellectual Property Act 2014

Communications

The Broadcasting Act 1990
The Communications Act 2003
The Telecommunications Act 1984

Law Enforcement & Operations

The Criminal Justice Act 1988
The Terrorism Act 2006
The Regulation of Investigatory Powers Act 2000

Disability & Equality

The Human Rights Act 1998
The Equality Act 2010
The Disability Discrimination Act 2005

Human Resources, Nationality & Right to Work

The Employment Act 2002
The Immigration, Asylum & Nationality Act 2006
The Employment Rights Act 1996

Education

The Education Act 2011
The Further Education & Training Act 2007
The Higher Education Act 2004

Financial Services

The Finance Act 1998
The Financial Services Act 2012
The Financial Services & Markets Act 2000

Legal Services

The Legal Services Act 2007
The Solicitors Act 2004
The Limited Liability Partnership Act 2000

Health & Wellbeing

The Health Act 2009
The Health & Social Care Act 2011
The Mental Health Act 2007

Utilities & Supply

The Electricity Act 1989
The Gas Act 1986

Business Continuity & Civil Contingencies

The Civil Contingencies Act 2004
The Business Continuity Management Practice Guide 2006

Environment & Health and Safety

The Health & Safety at Work Act 1974
The Reporting of Injuries, Diseases & Dangerous Occurrences Regulations 1995
The Waste Electrical & Electronic Equipment (Amendment) Regulations 2007

Annual renewal of your subscription to InfoSec Legislation includes an evaluation of the identified information security legislation that have been documented on your legal and other requirements register. This service provides an objective and impartial analysis of your identified obligations, satisfying the compliance and performance evaluation requirements of ISO27001 and providing assurance that your legal and other requirements register remains up to date and relevant to your organization’s core business activities.

On completion of the annual legislative review, a compliance certificate will be added to your legal and other requirements register, to confirm that the evaluation of information security legislation has been completed and demonstrate ongoing compliance to your stated legal and other obligations.

Information Security Legislation

Legal Register

Register Content

Newsletter

Legislative Compliance

Contact Us