Procedure for Identification of Requirements
Here are the answers:
1) The process is described in section 3 of Procedure for identification of requirements - a responsible person needs to identify all interested parties, then their requirements, etc. This article will also help you: How to identify interested parties according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301//
2) If you have a legal department, that would be their job; if not, then this would be the job of the security manager.
3) You could have a law for personal data protection, or you could have a contract with your client which specifies the security clauses you have to comply with.
4) This could be the security manager, or internal auditor.
Nov 01, 2016