List of Legal Regulatory Contractual and Other Requirements
Hi - I am ploughing through the ISO 27001 toolkit I purchased a few months ago, but I haven't yet set up the complimentary live consultation. I plan to after I am a little more progressed. In the meantime, I am really struggling with the above.
We are a small SaaS startup. Do you have a non-confidential example document of this schedule you can send to me to get me started sketching out some example requirements from the likes of Employees, Shareholders, Clients? Government Act compliance is pretty straight forward.
Assign topic to the user
Unfortunately, we do not have example documents we can disclose due to confidentiality agreements with our customers.
Regarding requirements for employees, an example would be to keep the confidentiality of their personal records kept by the organization.
Requirement for shareholders would be the integrity of financial and performance reports.
About clients' requirements, you should consider clauses in service agreements you have with them.
This article will provide you further explanation about requirements identification:
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/
Comment as guest or Sign in
Nov 11, 2019