Expert Advice Community

Register of requirements: Granularity of entries

Benjamin W. Created:   Nov 16, 2022 Last commented:   Nov 17, 2022

Regarding the Conformio Register of requirements: I don't understand how granular the entries should be (recommended or required by the ISO27001:2022 standard). We have a lot of contracts with different customers but the contracts themselves have the same content. Should we create a new entry for every customer contract or would it be sufficient to create a general entry for all contracts with the same content? Or should we even create a new entry for every requirement of each contract of every customer?

Expert
Rhand Leal Nov 17, 2022

ISO 27001 does not prescribe the granularity related to requirements registering, so you can define the granularity to be used as best it fits your organization. 

For example:

  • You can use a general entry covering contracts with the same content
  • You can use specific entries to associate contracts with specific customers
  • You can add entries related to specific clauses present in different types of contracts

You can apply one or all criteria suggested or create your own additional criteria.
