Expert Advice Community

Creating the Register of Legal, Contractual, and Other Requirements

Guest user Created:   Oct 19, 2023 Last commented:   Oct 19, 2023

I'm in the process of creating the Register of Legal, Contractual, and Other Requirements.

Q: How specific do I need to be? Is this where I list all our clients, suppliers, etc., or do I give more top-line information and detail the specific interested parties later on?


Expert
Rhand Leal Oct 19, 2023

First, it is important to note that in this module, you need to list only the requirements of customers and regulators you need to comply with. Requirements related to suppliers are handled only in case there are risks that justify handling them.

Considering that, you should list each regulation as a unique entry because they are typically related to a specific reference (e.g., data privacy in Europe refers to GDPR and in Brazil to LGPD).

Regarding clients, you can group the clients with the same requirements together (e.g. if you have the same agreement signed with all of them), or you should list them separately if their security requirements are very different.

Regarding the level of detail, you can include only a summary of the requirement and refer to another document where more detailed information can be found. 
