Hi, I don't know how to start this list; I may need clear examples on how to fill this list. Maybe some examples in the document for each would be nice:
- Legal examples
- Regulatory examples
- Contractual examples
- Other requirements examples
Here is a practical example of how to fill this template:
Consider that a customer named Jon has a service level agreement with your company which defines, in clause 32-b, that access to all information provided by the customer to information system ABC is restricted to customer personnel only. In this case, the person responsible for system ABC is responsible for ensuring the system's compliance with this requirement. Then your document would look like this:
- Interested party: Customer Jon
- Requirement: Clause 32-b (information provided to system ABC is restricted to the customer's personnel)
- Document: Service level agreement
- Person responsible for compliance: System ABC administrator
- Deadline: when system ABC is made available for customer use
Besides service level agreements, you should consider laws and regulations applicable to the locations where you operate, in the same way as described in the example (i.e., identifying the interested party, requirement, document, etc.). For the identification of specific requirements for your organization, we recommend you seek expert legal advice.
ISO 27001 does not prescribe that the identification of contractual requirements be made for every client, so you can use the approach that best fits your needs. One way is to define a list of requirements for a specific set of clients with specific characteristics:
- are from the same country
- have similar size
- contract the same service
- the contracts have similar value
Of course, you can have a list of requirements for specific clients you value the most or want to monitor closely.