Expert Advice Community

Register of Requirements Blank

Guest user Created:   May 07, 2023 Last commented:   May 07, 2023

I should have clarified on the initial request, but for the register of requirements, if we don’t have any legal, regulatory, or contractual security obligations, do we also list internal security policy requirements, or is this section left blank? While we do have MSAs, we don’t have a specific security control agreement with clients currently.

Expert
Rhand Leal May 07, 2023

In case you do not have any applicable legal requirements documented (e.g., laws, regulations, or contracts), the Register of Requirements can be left blank. Internal security policy requirements do not need to be documented in this register, and a Master Service Agreement with no specific security control agreement also does not need to be included in the Register of Requirements.

However, it would be very strange not to have any legal or regulatory requirements. For example, in most countries, privacy regulations require companies to protect personal data they process, and every company does have personal data (if nothing else, the data about their employees).
