Expert Advice Community

Guest

Filling template

  Quote
Guest
Guest user Created:   Jan 15, 2020 Last commented:   Jan 18, 2020

Filling template

In the 270001 Consultant Toolkit, in document 02.1 appendix 1, there are some fields that ask for deadlines/periods of time.
And I have no idea what to fill in there.

Can you please explain that, and give me an idea of how to handle this?

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Dejan Kosutic Jan 15, 2020

I assume you are referring to the List of Legal, Regulatory, Contractual and Other Requirements. 

You need to specify the deadlines for each requirement you list in that document - those deadlines are typically set by the laws/regulations/contracts that you list. For example, if a regulation xyz comes into effect on March 31, 2020, then this is the deadline until which you have to implement this requirement. 

Quote
0 0
Guest
Guest user Jan 16, 2020

Good morning Dejan,

thanks for your fast response. Ok, clear so far but... What's for example with legal requirements? There are no deadlines for validity. Or for example employment contracts? Have I to list each contract separately with the respective deadlines? And if the contracts are unlimited, have I proof them each year?

Thank you for your help.

Quote
0 0
Expert
Dejan Kosutic Jan 16, 2020

If the law or regulation has already come into effect, then you should write that the deadline for compliance is ASAP (as soon as possible). 

In this list you would normally not write employee contracts, because usually in those contracts the employees are obliged to you in terms of information security, not the other way round. 

You would typically list contracts with your clients - if those contracts are similar or the same, then you do not need to list each and every one separately, you would use one item, e.g. "Contracts with clients for the service xyz". 

See also these materials: 

Quote
0 0
Guest
sourabh Jan 17, 2020

Dear Dejan,

1. You mentioned as part of Contractual Obligation, we need to list all the Customer specefic Contracts. So in this Case , is it sufficient to list all the Contracts(that includes SLA an Cost of the Project) or do we re require to sign a specefic Contract with Customer which has all information Security Guideline?

 

2. Secondly in the below mentioned link, all the Legal Laws are provided as per the Country.

https://advisera.com/27001academy/knowledgebase/laws-regulations-information-security-business-continuity/

What if in this List an Organsations,s Location is not Listed in the Link. Does the Legal representative of the org help in this scenario?

Kindlyy explain.

Thanks,

Quote
0 0
Expert
Dejan Kosutic Jan 18, 2020
...is it sufficient to list all the Contracts(that includes SLA an Cost of the Project) or do we re require to sign a specefic Contract with Customer which has all information Security Guideline?

Not sure if I understood your question, but you can either sign a separate agreement with security clauses, or you can include security clauses in your main agreement. In any case, the agreements that include security clauses must be listed in the List of Legal, Regulatory, Contractual and Other Requirements.

What if in this List an Organsations,s Location is not Listed in the Link. Does the Legal representative of the org help in this scenario?

The list of laws and regulations provided on our website is not official - you should consult a local legal expert to find out which security laws and regulations apply in your country. 

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 15, 2020

Jan 18, 2020