I'm quite early on in the ISO27001 process and I'm being asked to list out all of our interested parties, along with the Name of the law/regulation and the Description of the requirement.
It is suggested that we try to enter all the requirements because it will cause big delays later. However, it feels early on in the process and I don't necessarily know all the requirements yet.
Q: Should I go through all of the GDPR and other regulatory requirements, along with supplier and client documents & contracts, to source all the requirements in detail, or is this a top level exercise?
Should I be listing each client/regulation and each requirement separately, or doing a top level summary of the regulation/clients and their potential requirements?
I feel a little at sea - am I supposed to be led through this process more or is it up to me now to dive into the detail of regulators & client/supplier information management requirements?