Register of Requirements

Please note that writing contracts requires legal expertise, and our expertise is in ISO standards and how to implement them.

In general terms, contracts can be signed between the company and its employees (e.g., employment contracts), and the company and its customers and suppliers (e.g., service agreements).

The main elements of a contract are the contract object (what is to be delivered), the identification of involved parties, and the rights and obligations of each party (contract clauses).

In terms of information security clauses, these are based on risks that require mitigation and legal requirements that need to be fulfilled.

For example, if there is a relevant risk of data loss, you may include a security clause to enforce the adoption of backup procedures to ensure copies of the information will be available. In case your company needs to be compliant with a privacy regulation like HIPAA or EU GDPR, you may include a security clause to enforce the other party to adopt practices to protect personal data and people’s privacy.

For the proper writing of information security clauses and other contract clauses, we advise you to hire a legal expert.

For further information, see:

• Who are interested parties, and how can you identify them according to ISO 27001 and ISO 22301? https://advisera.com/27001academy/knowledgebase/how-to-identify-interested-parties-according-to-iso-27001-and-iso-22301/
• How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/
• Which security clauses to use for supplier agreements? https://advisera.com/27001academy/blog/2017/06/19/which-security-clauses-to-use-for-supplier-agreements/
• What to consider in security terms and conditions for employees according to ISO 27001 https://advisera.com/27001academy/blog/2018/05/23/what-to-consider-in-security-terms-and-conditions-for-employees-according-to-iso-27001/