Expert Advice Community

Guest user, created Oct 05, 2016, last commented Oct 05, 2016


We are a SaaS company with a lot of customers, most of which are in ***. To make this a little more complicated, we have partners selling our product. With these partners we have separate contracts where we have defined the information security responsibilities.

Expert: Dejan Kosutic, Oct 05, 2016

Should we list these contracts with partners in the “List of Legal regulatory contractual and other requirements”?

Answer: You should list them only if in those contracts there are some clauses where you have the responsibilities to protect the information.

When selling our product to a company from another country, it’s not clear to me whether we should list that country’s laws and regulations…

Answer: Only if those regulations are applicable to your company - for example, if you are selling some consumer products to other countries, then you probably need to comply with their local legislation; if you are selling some business-to-business products, then the chances are you do not need to comply with local legislation in foreign countries.

We have a helpdesk system hosted by another company where we store confidential information about our customers. Should the contract between us and this helpdesk company be listed too?

Answer: I assume in this contract there are some security obligations for the hosting company, but not for you - if this is the case, then you do not need to list this contract in the List of legal, contractual and other requirements.

By the way, did you know we have a free online course that explains all the important elements of ISO 27001? It is called ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
