Filling templates
Answer:
Since you already have identified the interested parties, now you have to identify the documents in which their requirements can be located (e.g. service level agreements, outsourcing contracts, laws, industry regulations, etc.), and the precise requirements that must be fulfilled (e.g., the clauses).
For example, a customer has a service level agreement with your company which defines, in clause 32-b, that access to all information provided by the customer to information system ABC is restricted to customer personnel only. In this case the person responsible for system ABC is responsible for ensuring compliance of the system with this requirement. Then your document would look like this:
Interested party: Customer Jon
Requirement: Clause 32-b (Information provided to system ABC is restricted to customer's personnel)
Document: Service level agreement
Person responsible for compliance: System ABC administrator
Deadline: when system ABC is made available for customer use
This article will provide you further explanation about identifying requirements:
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/
Dec 04, 2018