Expert Advice Community

List of Legal Regulatory

Guest user   Created: Apr 21, 2021   Last commented: Apr 26, 2021

1 - I purchased the document templates and went with package 2 that gives me unlimited emails. I will more than likely need help with more documents, but I am starting to work on them, and the first document is the 2.1. I am unsure what to list here, I have read your website but wanted some help. Our company sells Web Portals to customers that integrate with ***. Who would be the stakeholders, I am guessing the 2 owners, Employees, Customers? 2 - Since I am the one in charge of the ISO documentation, I would be the person responsible for compliance?


Expert
Rhand Leal Apr 21, 2021

1 - I purchased the document templates and went with package 2 that gives me unlimited emails. I will more than likely need help with more documents, but I am starting to work on them, and the first document is the 2.1.

I am unsure what to list here, I have read your website but wanted some help. Our company sells Web Portals to customers that integrate with ***. Who would be the stakeholders, I am guessing the 2 owners, Employees, Customers?

A stakeholder is any entity (i.e., a person or an organization) with an interest in the ISMS's results, or in how it will work, so company owners, employees, and customers are examples of stakeholders (other examples are suppliers, partners, government agencies, etc.).

An example of how to fill in the List of Legal, Regulatory, Contractual, and Other Requirements, is this scenario:

A customer has a service level agreement with your company which defines, in clause 32-b, that in case of a disruptive incident, access to information system ABC must be restored to at least 30% of normal capacity in no more than 24 hours. In this case, the person responsible for system ABC is responsible for ensuring that the system complies with this requirement.

Then your document would look like this:

  • Interested party: Customer Jon
  • Requirement: Clause 32-b (recovering access to system ABC to at least 30% of normal capacity in no more than 24 hours)
  • Document: Service level agreement
  • Person responsible for compliance: System ABC administrator
  • Deadline: 24 hours after the occurrence of disruptive incident which makes access to system ABC unavailable

These articles will provide you with a further explanation about identifying requirements:

2 - Since I am the one in charge of the ISO documentation, I would be the person responsible for compliance?

ISO 27001 does not prescribe who needs to be in charge of compliance, so organizations can define anyone who best fits their needs.

As good practice, you should assign responsibility for compliance with each requirement to the person whose role has the most interest in, and authority over, ensuring that the requirement is fulfilled.

For example, if the requirement is related to a customer contract, the person responsible for customer satisfaction should be defined as responsible for this requirement. If the requirement is related to a privacy regulation (e.g., GDPR), then the person responsible for privacy protection in the organization should be defined as responsible for this requirement.

Guest
Guest user Apr 23, 2021

I am trying to find the ISMS Template but can only find the Information Security Policy, is the ISMS template no longer used and incorporated into the Info Security Policy?

Expert
Rhand Leal Apr 26, 2021

Please note that ISO 27001:2013 defines the top-level policy as the "Information Security Policy"; however, the old 2005 revision of ISO 27001 called this document the "ISMS Policy".

So, the ISMS Policy and the Information Security Policy are the same document.

For more information, see:
