Legal and regulatory environment and compliance

Skill definition

Legal and regulatory environment and compliance refers to an organisation’s adherence to laws, regulations, guidelines and specifications relevant to its business processes. It consists of a blend of compliance requirements and assurance capabilities. Principles of the skill include understanding the legal and regulatory environment within which the business operates, ensuring that information security governance arrangements are appropriate, and ensuring that the organisation complies with legal and regulatory requirements.

Awareness

  • Describes the major legislative and regulatory instruments relevant to security, and the legislation and regulation relevant to the role
  • Maintains understanding of regulations that will impact the role
  • Follows documented procedures for compliance or regulations

Working

  • Explains the principal requirements of major legislation and regulations relevant to security, and the legal and regulatory instruments relevant to the role
  • Reviews and implements alterations to operating procedures in response to changes in regulations
  • Educates/provides guidance on the implementation of regulations
  • Reports residual non-compliance to management in accordance with organisation procedures

Practitioner

  • Advises others on the principal requirements of major legislation and regulations relevant to security, and the legal and regulatory instruments relevant to the role
  • Provides oversight of the range of regulations that impact the security function and the interactions between them
  • Designs and leads implementation of business change, where required by regulation
  • Leads the implementation of regulations within the security function
  • Reports residual non-compliance to senior management in accordance with organisational procedures

Expert

  • Leads the application of major legislation and regulations relevant to security, to ensure security is a business enabler
  • Champions opportunities that regulation and compliance can provide to an organisation at senior manager or board level
  • Promotes regulation and compliance within the security function
  • Advises on the development of new legislation and regulation
  • Lobbies external authorities, e.g. for niche regulation
