Guest
Question regarding ISO27001 implementation - Interested parties
I have been trying to complete the 02.1_Appendix_List_of_Legal_Regulatory_Contractual_and_Other_Requirements_Integrated_EN
I am getting myself rather confused, previously I have maintained an integrated 9001 and 27001 so I have been thinking along the lines for these interested parties.
However, after much researching of the internet I get the idea this time it should only be parties interested in our Information Security only can you confirm if this is right or wrong please?
So things like The Working Time Directive an equal opportunities laws don’t need to be included?
Also things like the WEEE directive would I include because of the disposal of data\hardware? And maintenance companies that service the data centres for equipment like AirCon, would I include them?
Assign topic to the user
Expert
Rhand Leal
Jun 15, 2022
Your understanding is correct.
This template is to be considered for laws, regulations, and contracts that can impact information security and the ISMS objectives (e.g., the WEEE directive). Legal requirements related to other subjects do not need to be considered for this template, they would only make the document unnecessarily complex.
Regarding providers, their contracts and services agreements are handled by means of the Supplier Security Policy.
For further information, see:
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/
Comment as guest or Sign in
Jun 15, 2022
Jun 15, 2022
Jun 15, 2022