List of Legal, Regulatory, Contractual and Other Requirements
First of all, you should list the laws and regulations that are applicable to your company; if you don't have supplier contracts, you should list all your partners and customers with whom you have contracts or other arrangements. You should list only those that have an influence on your information security, e.g. those with requirements on backup, access control, physical protection, etc.
The whole point of this document is to list who is expecting what from your ISMS (i.e. interested parties and their requirements), so that you can start building the ISMS accordingly. See also this article: How to identify interested parties according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301//
Jan 12, 2016