Template content - List of Legal, Regulatory Contractual requirements

1. How detailed description should be used when documenting “legislative, regulative and contractual requirements”? I mean do you need to write down the Act of the suitable law and name every individual contract and its points (vendor name, contract point and description of the matter)?

The level of detail should be enough so the person in charge of ensuring that the ISMS fulfills such requirements is capable to understand what needs to be done, or where he/she can find this information. In general, a good approach would be to identify the name of the requirement, its general purpose, and the specific clauses to be fulfilled (in case there are too many of them you can try to mention only the main sections where they can be found). In case of contracts, you do not need to list each and every contract. You can group them by type, or include only those related to relevant interested parties. 

2. What does the standard mean to “identify and document organizations approach to these meet these requirements”?

By this requirement, you have to identify and document policies, procedures or plans that are used to fulfill such requirements. For example, if you have a requirement that data must be protected against unavailability, you can fulfill this requirement by informing that the organization's approach is the implementation of a backup process.

OK, thank you for your answer Rhand!