My company (software / SaaS) is working towards ISO 27001 certification. I’m really unfamiliar with the certification process… How do you go about creating the List of Legal, Regulatory, Contractual and Other Requirements? Is it literally a list of laws and regulations governing data and security that are applicable to our business, like GDPR, UK GDPR, CCPA, etc.? Do I copy/paste MSA terms relating to security?


It's literally just that list and any contractual obligations you agree to. Don't overthink it. Your auditor will tell you if there's more info needed.


I own a company which provides ISO certification services and will assist you from start to finish. Reach out if you want help!
