1. How to handle legal and contractual requirements and what clauses require this in the standard?
Legal and contractual requirements are handled through the Register of Requirements module. In the Wizard tab on the screen's left side, you will find a Help & Support tab where you can access help videos that explain how to use this module.
Legal and contractual requirements are related to standard clause 4.2 Understanding the needs and expectations of interested parties, and Annex A control A.18.1.1 Identification of applicable legislation and contractual requirements.
2. Is it required that the person who is doing the Audit needs to have training in Internal Auditing and ISO 27001?
The standard requires that a person performing work that can impact information security has proper competence, by means of experience, training, or education.
Considering that, if this person already has previous experience with ISO 27001 and ISO 27001 internal audits (e.g., this person has already performed internal audits before), he does not necessarily need to have formal training.
For further information, see: