SPRING DISCOUNT
Get 30% off on toolkits, course exams, and books.
Limited-time offer – ends May 26, 2022
Use promo code:
SPRING30

Expert Advice Community

Guest

List of Legal, Regulatory, Contractual and Other Requirements

  Quote
Guest
aduffield Created:   Jan 22, 2019 Last commented:   Jan 23, 2019

List of Legal, Regulatory, Contractual and Other Requirements

Hi there, I am looking at recording the mandatory 'List of Legal, Regulatory, Contractual and Other Requirements' as part of our strive toward an ISO 27001 audit. We are a small business, of 50 or so employees set over 3 locations. We work in Business Outsourcing which in summary relates to providing electronic solutions to financial institutions. I am really struggling in identifying what to enter into this document. I am aware of our Interested Parties and Suppliers but would appreciate some guidance into the identification of what our List of Legal, Regulatory, Contractual and Other Requirements are and how to record them. Regards, Andrew
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Jan 23, 2019
Answer:

Here is a practical example of how to fill this template:
Consider that, a customer named Jon has a service level agreement with your company which defines, on clause 32-b, that access to all information provided by the customer to information system ABC are restricted to customer personnel only. In this case the person responsible for system ABC is responsible to ensure compliance of the system to this requirement. Then your document would be like this:

Interested party: Customer Jon
Requirement: Clause 32-b (Information provided to system ABC are restricted to customer's personnel)
Document: Service level agreement
Person responsible for compliance: System ABC administrator
Deadline: when system ABC is made available for customer use

Besides Service Level Agreements, you should consider laws and regulations applicable to the locations where you operate. For identification of specific requirements for your organization we recommend you to seek for expert legal advise.
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 22, 2019

Jan 23, 2019