Expert Advice Community

Contractual obligations

Guest user Created: Mar 09, 2023 Last commented: Mar 09, 2023

Hi Dejan!

I hope you are well and don’t mind me reaching out. I am in the process of drafting legal and contractual obligations for the company ISMS and wanted to ask if you would kindly be able to share an example of each?

I’m struggling to find examples online, particularly for contractual requirements and how this should be documented.

It would also be good to know, in your experience, the average number of legal and contractual obligations a medium-sized organisation would usually need to have.

Any help would be greatly appreciated.

Expert
Rhand Leal Mar 09, 2023

1 - I hope you are well and don’t mind me reaching out. I am in the process of drafting legal and contractual obligations for the company ISMS and wanted to ask if you would kindly be able to share an example of each?

I’m struggling to find examples online, particularly for contractual requirements and how this should be documented.

I’m assuming that the question is about legal and contractual obligations for suppliers.

Considering that we are not legal experts, what we can provide are statements about what needs to be considered when drafting legal and contractual obligations. You should consult a legal expert to draft the legal clauses properly.

Here are some examples related to suppliers:

  • Right to audit: the organization has the right to audit and test the security controls periodically, or upon significant changes to the relationship.
  • Response time to vulnerabilities: provide, in a timely manner, proper treatment for known vulnerabilities that may impact the organization’s business.

Here are some examples related to contracts with employees:

  • responsibilities regarding the classification and handling of information and information-related assets
  • actions to be taken if security requirements are violated by the involved parties

2 - It would also be good to know, in your experience, the average number of legal and contractual obligations a medium-sized organisation would usually need to have.

Any help would be greatly appreciated.

Please note that there is no number or range to be considered as a reference. The number of legal and contractual obligations to be considered by an organization will depend on the results of risk assessment and applicable legal requirements (i.e., the laws, regulations, and contracts an organization must fulfill).
