Expert Advice Community

Guest

Procedure for Identification of Requirements

  Quote
Guest
Guest user Created:   May 31, 2021 Last commented:   May 31, 2021

Procedure for Identification of Requirements

Hi Good morning, could you please help me with the following information? 
Referring to this document.  - 02_Procedure_for_Identification_of_Requirements_EN

1 - We have two Business units. One located in site A and the other here in the site B. The unit that will be certified will be that of the site B. Do I need to include information from site A as well, such as laws and regulations?

2 - Another question, do we need to specify names and type of customer contract?

0 0

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal May 31, 2021

1 - We have two Business units. One located in site A and the other here in the site B.

The unit that will be certified will be that of the site B. Do I need to include information from site A as well, such as laws and regulations?

You only need to include legal requirements from your site A that may define information security requirements for your site B.

For example, if both sites exchange information, and a customer contract signed with site A states that information needs to be protected in a specific way (e.g., by using a specific cryptographic technology), then a reference to this contract need to be included in the list of legal requirements of site B, the one to be certified.

For further information, see:

2 - Another question, do we need to specify names and type of customer contract?

ISO 27001 does not prescribe which information needs to be recorded in a list of requirements, so you can define the information that better suits your needs. You can either use type of contract, when you have, for example, many contracts which follow the same model, or naming them specifically, when it is important to track the requirements of a specific customer.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

May 31, 2021

May 31, 2021