Question on List of legal, regulatory, contractual and other requirements

Guest user Created:   Oct 05, 2016 Last commented:   Oct 05, 2016

We are a SaaS company with a lot of customers; most are in ***. To make this a little more complicated, we have partners selling our product. With these partners we have separate contracts where we have defined the information security responsibilities.
Expert
Dejan Kosutic Oct 05, 2016

Should we list these contracts with partners in the “List of Legal regulatory contractual and other requirements”?

Answer: You should list them only if in those contracts there are some clauses where you have the responsibilities to protect the information.

When selling our product to a company coming from another country, it’s not clear to me if we should list that country’s laws and regulations…

Answer: Only if those regulations are applicable to your company - for example, if you are selling some consumer products to other countries, then you probably need to comply with their local legislation; if you are selling some business-to-business products, then the chances are you do not need to comply with local legislation in foreign countries.

We have a helpdesk system hosted by another company where we store confidential information about our customers. Should the contract between us and this helpdesk company be listed too?

Answer: I assume in this contract there are some security obligations for the hosting company, but not for you - if this is the case, then you do not need to list this contract in the List of legal, contractual and other requirements.

By the way, did you know we have a free online course that explains all the important elements of ISO 27001? It is called ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
