Register of Requirements Blank
I should have clarified on the initial request but for the register of requirements, if we don’t have any legal, regulatory, or contractual security obligations do we also list internal security policy requirements, or is this section left blank? While we do have MSAs, we don’t have a specific security control agreement with clients currently.
Assign topic to the user
In case you do not have any legal requirements documented applicable (e.g., laws, regulations, or contracts) the Register of Requirements can be left blank. Internal security policy requirements do not need to be documented in this register, and Master Service Agreement with no specific security control agreement also does not need to be included in the Register of Requirements.
However, it would be very strange not to have any legal or regulatory requirements. For example, in most countries, privacy regulations require companies to protect personal data they process, and every company does have personal data (if nothing else, the data about their employees).
Comment as guest or Sign in
May 06, 2023