Guest
Regarding the Conformio Register of requirements: I don't understand how granular the entries should be (recommended or required by the ISO27001:2022 standard). We have a lot of contracts with different customers but the contracts themselves have the same content. Should we create a new entry for every customer contract or would it be sufficient to create a general entry for all contracts with the same content? Or should we even create a new entry for every requirement of each contract of every customer?
In the example for this section, "XYZ bank" is identified by name as a customer in the register. We are a SaaS provider with over 1,000 companies using our product to service their clients. We certainly do not need to list each and everyone since our service/product is the same for all. How would we identify our clients then?