Assessment/Treatment Methodology
I would now have the question on the Risk Assessment / Treatment Methodology: what exactly must be included in the" list of legal, regulatory and contractual or other requirements "or what is the recommendation?
Assign topic to the user
The list of legal, regulatory, and contractual or other requirements summarizes all requirements, interested parties, and responsible persons for complying with requirements that must be fulfilled by the ISMS.
An example of how to fill in the List of Legal, Regulatory, Contractual, and Other Requirements, is this scenario:
A customer has a service level agreement with your company which defines, on clause 32-b, that in case of a disruptive incident, access to information system ABC must be restored to at least 30% of normal capacity in no more than 24 hours. In this case, the person responsible for system ABC is responsible to ensure compliance of the system to this requirement. Then your document would be like this:
Interested party: Customer Jon
Requirement: Clause 32-b (recovering access to system ABC to at least 30% of normal capacity in no more than 24 hours)
Document: Service level agreement
Person responsible for compliance: System ABC administrator
Deadline: 24 hours after the occurrence of disruptive incident which makes access to system ABC unavailable
To see how a list of legal, regulatory and contractual or other requirements looks like, please take a look at the free demo of our List of Legal, Regulatory, Contractual and Other Requirements at this link: https://advisera.com/27001academy/documentation/list-of-legal-regulatory-contractual-and-other-requirements/
This article will provide you a further explanation about the list of requirements:
- How to identify interested parties according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301//
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/
Comment as guest or Sign in
Aug 11, 2020