Filling template

I assume you are referring to the List of Legal, Regulatory, Contractual and Other Requirements. 

You need to specify the deadlines for each requirement you list in that document - those deadlines are typically set by the laws/regulations/contracts that you list. For example, if a regulation xyz comes into effect on March 31, 2020, then this is the deadline until which you have to implement this requirement. 

Good morning Dejan,

thanks for your fast response. Ok, clear so far but... What's for example with legal requirements? There are no deadlines for validity. Or for example employment contracts? Have I to list each contract separately with the respective deadlines? And if the contracts are unlimited, have I proof them each year?

Thank you for your help.

If the law or regulation has already come into effect, then you should write that the deadline for compliance is ASAP (as soon as possible). 

In this list you would normally not write employee contracts, because usually in those contracts the employees are obliged to you in terms of information security, not the other way round. 

You would typically list contracts with your clients - if those contracts are similar or the same, then you do not need to list each and every one separately, you would use one item, e.g. "Contracts with clients for the service xyz". 

See also these materials: 

• How to identify interested parties according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301// 
• How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/ 

Dear Dejan,

1. You mentioned as part of Contractual Obligation, we need to list all the Customer specefic Contracts. So in this Case , is it sufficient to list all the Contracts(that includes SLA an Cost of the Project) or do we re require to sign a specefic Contract with Customer which has all information Security Guideline?

2. Secondly in the below mentioned link, all the Legal Laws are provided as per the Country.

https://advisera.com/27001academy/knowledgebase/laws-regulations-information-security-business-continuity/

What if in this List an Organsations,s Location is not Listed in the Link. Does the Legal representative of the org help in this scenario?

Kindlyy explain.

Thanks,

...is it sufficient to list all the Contracts(that includes SLA an Cost of the Project) or do we re require to sign a specefic Contract with Customer which has all information Security Guideline?

Not sure if I understood your question, but you can either sign a separate agreement with security clauses, or you can include security clauses in your main agreement. In any case, the agreements that include security clauses must be listed in the List of Legal, Regulatory, Contractual and Other Requirements.

What if in this List an Organsations,s Location is not Listed in the Link. Does the Legal representative of the org help in this scenario?

The list of laws and regulations provided on our website is not official - you should consult a local legal expert to find out which security laws and regulations apply in your country.