I needed more clarification on this section. What information needs to be listed in the register? For contractual, I am guessing this would be our customers since they have a contract with us, but would we have to list all our customers? There are too many, and for privacy we cannot list any customers. If we can list just a general "Customer", that should be okay, but I am not sure what other parties need to be included.
The content of this register is defined by the interested parties (e.g., top management, customers, suppliers, employees, government agencies, etc.) which are relevant to your information security management system (ISMS), and are usually documented as laws, regulations, contracts, agreements, and other similar documents, which are identified in this document.
For example, you can have a service contract with your main customers where they require backup to be performed in a certain way and use a defined technology. In this template, you will identify the requirements (backup method and technology to be used), where they can be found (service contract ***), who defined them (customer), who is responsible for them (e.g., IT manager), and the implementation deadline (e.g., end of October 2021).
Regarding contracts, you need to consider not only contracts with customers but also with employees and suppliers, i.e., with all parties that are relevant to information security.
You do not need to list all your customers. You can list only the more relevant ones (e.g., those with the highest values, the strategic ones, etc.), which can be identified by codes to protect privacy.
If you have signed the same agreements with, e.g., customers, you do not need to list each party separately - you can just list them together, e.g., "customers", and specify the security requirements from those standardized agreements.