PDCA with conflicting laws

Tags: Laws, PDCA
Hello, I'm a student at the University of Advancing Technology (UAT) and this week we've been learning about the Plan, Do, Check, Act methodology for implementing an information management security system. Our reading explains PDCA and how an organization should use it to obtain an ISO 27001 certification. In our reading there was a note about possible conflicts across different national, state, and local laws and regulations. Does anyone have any knowledge or experience with how an organization handles this scenario? Which laws would take legal precedence? Is it case by case, a general rule of thumb, or a clear winner in all cases?

Software/Hardware used:
N/A


Discuss This Question: 3  Replies

 
  • TomLiotta
    Generally, federal always takes precedence over state, which takes precedence over local, except where local or state is more restrictive. An organization would handle conflicts by following whatever law applies. An organization would usually use the above 'rule of thumb' guideline of precedence unless specific rulings had been previously issued. It is always a court ruling that eventually determines what is right. This is the same way essentially all laws are followed.

    And when in doubt, ask organization lawyers. I'd expect most organizations that achieve ISO 27001 certification have one available.

    Tom
    125,585 points
  • Kevin Beaver
    If you're an international company, you're going to have to comply with the laws specific to the region(s) in which you're operating. By all means get your lawyer involved.
    17,220 points
  • Griff1371
    I figured that federal laws would take precedence over local/state in most cases, and when in doubt, consult a lawyer on the matter. International laws were something that didn't cross my mind when doing my reading, so thank you for pointing that out!
    30 points
