Get 4 FREE months of Conformio to implement ISO 27001

Expert Advice Community

Register of requirements

  Quote
Created:   Mar 17, 2023 Last commented:   Mar 22, 2023

Register of requirements

Hello,

I am currently writing the "Restier of Reiquirements" document for my company. I am using conformio for this, in which we can specify whether we are compliant to the said requirements. So this got me thinking about the following. 

Some client(s) require my company to pay some form of indemnity in case of data breah or any sort of security issue. 

Is the above considered a requirement? I mean we can't relly comply to it unless we have a security issue and actually have to pay the indemnity.

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Mar 22, 2023

From a practical point of view, paying indemnities is not a security requirement, but a legal one. Therefore, you do not need to list this requirement in the Register of Requirements.

Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

Mar 17, 2023

Mar 22, 2023

Suggested Topics