Expert Advice Community

Customers and Register of Requirements

Tom Hartley Created:   Apr 13, 2021 Last commented:   Apr 15, 2021

In the example for this section, "XYZ bank" is identified by name as a customer in the register. We are a SaaS provider with over 1,000 companies using our product to service their clients. We certainly do not need to list each and every one since our service/product is the same for all. How would we identify our clients then?

Expert
Rhand Leal Apr 15, 2021

In situations like this one, if the information security requirements of your customers are exactly the same, then you can use one item for all of your customers; there is no need to segment them.

In case you need to identify specific clients due to other business needs, a common approach is to organize customers according to previously defined criteria (e.g., customer size, customer region, customer revenue level, customers under the same requirements set, etc.). This way you can keep a balance between the number of entries in the register and relevant analytical information.

In case you have companies with unique characteristics or companies you want to maintain a closer look at, you can include them individually.

This article will provide you with a related explanation about asset management that you can apply to this case:

- How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
