procedure for Identification of Requirements

Guest
nice051 Created:   Oct 31, 2016 Last commented:   Nov 01, 2016

Hello, I have gone through the Procedure for Identification of Requirements document of Advisera and I have the following four queries in my mind. Please help me with them.
1) What is the process of identification of interested parties, as well as legal, regulatory, contractual and other requirements related to ISMS?
2) Who is usually responsible for identifying such requirements?
3) Could you elaborate on what sort of requirements, with the help of an example?
4) Who is responsible for evaluating the compliance of ISMS with relevant legal, regulatory and contractual requirements?
Expert
Dejan Kosutic Nov 01, 2016

Here are the answers:
1) The process is described in section 3 of Procedure for identification of requirements - a responsible person needs to identify all interested parties, then their requirements, etc. This article will also help you: How to identify interested parties according to ISO 27001 and ISO 22301 https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301//
2) If you have a legal department, that would be their job; if not, then this would be the job of the security manager.
3) You could have a law for personal data protection, or you could have a contract with your client which specifies the security clauses you have to comply with.
4) This could be the security manager, or internal auditor.

Guest
nice051 Nov 01, 2016

Thank you
