Expert Advice Community

Appendix 1 – List of Legal, Regulatory, Contractual and Other Requirements

Guest
Guest user Created:   Jan 21, 2021 Last commented:   Jan 21, 2021


Hi, I don't know how to start this list; I may need clear examples of how to fill in this list. Maybe some examples in the document for each would be nice.

- Legal examples
- Regulatory examples
- Contractual examples
- Other requirements examples


Expert
Rhand Leal Jan 21, 2021

Here is a practical example of how to fill this template:

Consider that a customer named Jon has a service level agreement with your company which defines, in clause 32-b, that access to all information provided by the customer to information system ABC is restricted to customer personnel only. In this case, the person responsible for system ABC is responsible for ensuring that the system complies with this requirement. Then your document would look like this:

Interested party: Customer Jon
Requirement: Clause 32-b (Information provided to system ABC is restricted to the customer's personnel)
Document: Service level agreement
Person responsible for compliance: System ABC administrator
Deadline: when system ABC is made available for customer use

Besides service level agreements, you should consider laws and regulations applicable to the locations where you operate in the same way described in the example (i.e., identifying the interested party, requirement, document, etc.). For the identification of the specific requirements for your organization, we recommend that you seek expert legal advice.

This article will provide you further explanation about identifying requirements:
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/01academy/emy/ademy/my/blog/17/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/ (although this article is about information security, the same concept applies to business continuity)

To see what a document to record such requirements looks like, please access the free demo at this link: https://advisera.com/27001academy/01academy/emy/ademy/my/documentation/list-of-legal-regulatory-contractual-and-other-requirements/

Juan Jimenez Jan 21, 2021

Great example, thanks @Rhand Leal
