Hello,
I am currently writing the "Restier of Reiquirements" document for my company. I am using conformio for this, in which we can specify whether we are compliant to the said requirements. So this got me thinking about the following.
Some client(s) require my company to pay some form of indemnity in case of data breah or any sort of security issue.
Is the above considered a requirement? I mean we can't relly comply to it unless we have a security issue and actually have to pay the indemnity.
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
From a practical point of view, paying indemnities is not a security requirement, but a legal one. Therefore, you do not need to list this requirement in the Register of Requirements.
Comment as guest or Sign in
Mar 22, 2023