Question around contractual and legal requirements

Guest user. Created: Jul 13, 2023. Last commented: Jul 13, 2023


Will the organisation have to go through each agreement and determine? If so, this may be a time-consuming exercise?

Expert
Rhand Leal Jul 13, 2023

You should go through all agreements of 3rd parties included in the ISMS scope, unless some of your agreements have the same security requirements - in such a case you should review only one such agreement and use it as a representative case for all other agreements with the same security requirements.

Depending upon the number of different agreements you have (the point here is not the number of agreements you have but how different they are from each other), this may in fact be a time-consuming exercise.

In this situation, you can define some criteria to prioritize which agreements to look at first (like the ones related to the biggest 3rd parties, or those with 3rd parties with more agreements, or those related to the most important 3rd parties, etc.).
