Compliance with external and internal requirements
Objective • Data privacy/security policies should ensure compliance with all "external" obligations that derive from statutory, regulatory, certificatory and contractual obligations. Policies should also ensure compliance with other "internal" organizational policies, procedures and standards.
Identification of external and internal requirements • All applicable external and internal contractual requirements with application to information security should be identified. This could include requirements to:
- protect and preserve organizational records, including records necessary for auditing compliance with these requirements;
- protect the confidentiality of personal data;
- regulate cryptographic and other sensitive technologies; and
- preserve intellectual property rights.
Documentation • The organization's systematic approach to meeting these requirements should be explicitly documented and kept up to date.
Communication, training and awareness • External and internal requirements should be communicated to all persons affiliated with the organization, including relevant external parties that handle data on the organization’s behalf, via an appropriate training and awareness program.
Periodic review • Data, data system and data facility controllers should periodically review all processes within their areas of responsibility to ensure compliance with applicable internal and external requirements.
SOURCES: ISO-27001/27002:2005 sects. 15.1 – 15.2.


