3.1.6 Regulatory Compliance
| No: 43028139 | Date(g): 4/11/2021 | Date(h): 29/3/1443 | Status: In-Force |
Principle
Relevant regulations including data privacy should be identified, communicated and complied which are affecting IT operations of the Member Organizations.
Control Requirements
| 1. | Member Organizations should establish a process ensuring compliance with IT related regulatory requirements. The process of ensuring compliance should: | |
| a. | be performed periodically or when new regulatory requirements become effective; | |
| b. | involve representatives from key areas of the Member Organization; | |
| c. | result in the update of IT policy, standards and procedures to accommodate any necessary changes (if applicable); and | |
| d. | maintain an up-to-date log of all relevant legal, regulatory and contractual requirements; their impact and required actions. | |