Legal and contractual requirements question

Guest user Created:   Jul 08, 2022 Last commented:   Jul 08, 2022


Looking through our List of Legal, Regulatory, Contractual and Other Requirements documents, we had a question. As a small company that deals with commercial driving fleets, are we expected to have a long list of these requirements? Of the list of requirements that were listed on the article linked in the actual document, none really applied to us. We do not operate in individual states that have these requirements, so we had very few there. As a whole, it seems like we only have a few contractual requirements with our customers. Does that seem right?

Expert
Rhand Leal Jul 08, 2022

First, it is important to note that the article linked to the template is only a starting point (it is updated by contributions of our readers and may not be fully updated). Our recommendation is for you to seek local legal advice so they can help you identify other legal requirements you need to consider for your ISO 27001 implementation (e.g., local laws and regulations).

ISO 27001 does not prescribe how long the list of Legal, Regulatory, and Contractual requirements must be. It is likely your list will be short since normally transportation companies are not security regulated, but they might have some privacy regulations that are applicable. 

For further information, see:

How to identify interested parties according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301/
How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/
