Expert Advice Community

Question regarding ISO27001 implementation - Interested parties

Guest user Created:   Jun 15, 2022 Last commented:   Jun 15, 2022

I have been trying to complete the 02.1_Appendix_List_of_Legal_Regulatory_Contractual_and_Other_Requirements_Integrated_EN, and I am getting myself rather confused. Previously I have maintained an integrated 9001 and 27001, so I have been thinking along those lines for these interested parties. However, after much researching of the internet, I get the idea that this time it should only be parties interested in our information security. Can you confirm if this is right or wrong, please? So things like the Working Time Directive and equal opportunities laws don't need to be included? Also, would I include things like the WEEE directive because of the disposal of data/hardware? And maintenance companies that service the data centres for equipment like air conditioning, would I include them?

Expert
Rhand Leal Jun 15, 2022

Your understanding is correct.

This template is to be considered for laws, regulations, and contracts that can impact information security and the ISMS objectives (e.g., the WEEE directive). Legal requirements related to other subjects do not need to be considered for this template; they would only make the document unnecessarily complex.

Regarding providers, their contracts and services agreements are handled by means of the Supplier Security Policy.

For further information, see:
