Expert Advice Community

List of Legal, Regulatory, Contractual and Other Requirements

Guest user Created:   May 31, 2019 Last commented:   May 31, 2019

I'm working with a client in implementing ISO 27001. I was trying to explain to him that they need to have a list of interested parties, legal and contractual requirements, but I was wondering if you could send me an example of such a document, i.e. partially filled out, so I can better explain this to him?

Expert
Rhand Leal May 31, 2019

First, it is important to note that you only have to develop such a list if control A.18.1.1 (Identification of applicable legislation and contractual requirements) is applicable to your organization (the main clauses of the standard only require that such information be considered, with no need to document it).

Regarding a partially filled document, unfortunately such information is protected by confidentiality agreements with our customers, but here is a practical example of how to fill this template:

Consider that a customer named Jon has a service level agreement with your company which defines, in clause 32-b, that access to all information provided by the customer to information system ABC is restricted to customer personnel only. In this case, the person responsible for system ABC is responsible for ensuring the system's compliance with this requirement. Your document would then look like this:

Interested party: Customer Jon
Requirement: Clause 32-b (Information provided to system ABC is restricted to customer's personnel)
Document: Service level agreement
Person responsible for compliance: System ABC administrator
Deadline: when system ABC is made available for customer use

Besides service level agreements, you should consider laws and regulations applicable to the locations where you operate. For identification of specific requirements for your organization, we recommend that you seek expert legal advice.
