Expert Advice Community

List of Legal, Regulatory, Contractual and Other Requirements

Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

For the above subject, we do not have suppliers with whom we have contracts. What exactly should come in this document? Can you give me some examples?
DejanK Jan 12, 2016

First of all, you should list laws and regulations that are applicable to your company; if you don't have supplier contracts you should list all your partners and customers with whom you have contracts or other arrangements. You should list only those that have an influence on your information security - e.g. those with requirements on backup, access control, physical protection, etc.

The whole point of this document is to list who is expecting what from your ISMS (i.e. interested parties and their requirements), so that you can start building the ISMS accordingly. See also this article: How to identify interested parties according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301//
