Does ISO 27001 require legal and contractual compliance?
Yes! ISO 27001 requires compliance with any legal, regulatory or contractual obligation that is applicable to the scope of registration. The risk assessment process typically addresses this as the risk of non-compliance. Compliance requirements such as FISMA, HIPAA and PCI DSS are often mapped to Annex A for audit and applicability purposes.