I have been trying to complete the 02.1_Appendix_List_of_Legal_Regulatory_Contractual_and_Other_Requirements_Integrated_EN
I am getting myself rather confused, previously I have maintained an integrated 9001 and 27001 so I have been thinking along the lines for these interested parties.
However, after much researching of the internet I get the idea this time it should only be parties interested in our Information Security only can you confirm if this is right or wrong please?
So things like The Working Time Directive an equal opportunities laws don’t need to be included?
Also things like the WEEE directive would I include because of the disposal of data\hardware? And maintenance companies that service the data centres for equipment like AirCon, would I include them?
This template is to be considered for laws, regulations, and contracts that can impact information security and the ISMS objectives (e.g., the WEEE directive). Legal requirements related to other subjects do not need to be considered for this template, they would only make the document unnecessarily complex.
Regarding providers, their contracts and services agreements are handled by means of the Supplier Security Policy.