Register of Requirements

Updated on May 28, 2024

The Register of Requirements will help you list all relevant interested parties (stakeholders) and define their expectations for your security. This will help you configure further documents and activities. This Register will become a database of all your Legal, Regulatory, and Contractual Requirements. The Register of Requirements is mandatory and references ISO 27001, Clause 4.2, and Control A.18.1.1.

Accessing the Register of Requirements

There are 2 ways to access the Register of Requirements:

  1. Through the Register of legal, contractual, and other requirements step in the Implementation steps;
  2. Through Registers and Modules.

Follow these steps to access the Register of Requirements:

  1. Go to Compliance and select Implementation steps;
  2. Find the Register of legal, contractual, and other requirements and click on the step or the ARROW button;
  3. From the step, click the Open Register button.

Register of Requirements - Advisera Help Center

Register of Requirements - Advisera Help Center

Accessing through Registers and Modules

Follow these steps to access the Register of Requirements:

  1. Click on Registers and Modules in the menu;
  2. Click the Go To Register button on the Register of Requirements module.

Register of Requirements - Advisera Help Center

Filling out the Register of Requirements

After opening the Register, you will have to input information security legislation/regulation or service contracts for your company. This information is client-specific as legislation covers the state or authority where your business operates, and service contracts cover specific contractual obligations you have to your workers/subcontractors/service providers.

Register of Requirements - Advisera Help Center

Adding Requirements

To add a new requirement, click the New Requirement button.

Register of Requirements - Advisera Help Center

After clicking Add New, a selection screen will appear where you can select:

  • Legal/Regulatory Requirement;
  • Contractual Requirement;
  • Other Requirement

Register of Requirements - Advisera Help Center

By clicking X, the option to select a new requirement will close. Quitting this screen directly by closing the website will result in the same outcome as clicking the button.

Register of Requirements - Advisera Help Center

Legal/Regulatory Requirement

In this part, the concerned parties are the state or authority in the location where you’re business is operating.

Selecting the Legal/Regulatory requirement in the selection menu will open an input field with several fields.

Data fields with an asterisk are mandatory – the remaining fields are optional. When you fill out all the mandatory fields, click the Save button to save the incident.

Note: We advise that every field is completed – even optional ones.

Register of Requirements - Advisera Help Center

Register of Requirements - Advisera Help Center

Contractual Requirements

In this part, the concerned parties are other private or public entities operating with your company based on a specific contract, not a law or a regulation.

Selecting the Contractual Requirements requirement in the selection menu will open an input field with several fields.

Data fields with an asterisk are mandatory – the remaining fields are optional. When you fill out all the mandatory fields, click the Save button to save the incident.

Note: We advise that every field is completed – even optional ones.

Register of Requirements - Advisera Help Center

Other Requirements

Selecting the Other Requirements requirement in the selection menu will open an input field with several fields.

Data fields with an asterisk are mandatory – the remaining fields are optional. When you fill out all the mandatory fields, click the Save button to save the incident.

Note: We advise that every field is completed – even optional ones.

Register of Requirements - Advisera Help Center

The default option for all requirements within the question Are you compliant? is Non-compliant because it is assumed you will become compliant through the completion of implementation steps and implementation of controls from the Statement of Applicability.

Register of Requirements - Advisera Help Center

Editing and Deleting Requirements

If you notice any errors or any information for the specific requirement changes, click the ARROW button or the requirement itself to open the input fields again and change the desired information. The only thing you cannot edit is the type of requirement.

Register of Requirements - Advisera Help Center

If you wish to delete the requirement, you can do so by clicking the Delete button in editing mode.

Register of Requirements - Advisera Help Center

After you complete all the requirements, click the Confirm Initial Requirements button, and a List of Legal, Regulatory, and Contractual Requirements document will be generated. If you need to update the document, click on the CREATE A NEW PDF LIST OF REQUIREMENTS button.

Register of Requirements - Advisera Help Center

Register of Requirements - Advisera Help Center

Document is available via the link above in the pop-up window or under the title – marked below.

Register of Requirements - Advisera Help Center

Details & Activity Section

Under the Details & Activity section, you can select the person in charge of updating the Register and how often the Register needs to be updated.

Discussions Section

The Discussions section works the same as in other documents.

Register of Requirements - Advisera Help Center

To finish the step when all of the required fields have valid inputs, do the following:

  1. Go to the Implementation steps;
  2. Open the Register of legal, contractual and other requirements by clicking the View step button;
  3. Click the Finish step.

Register of Requirements - Advisera Help Center

In the View step overview, you can assign AwarenessTrainingTechnologyFinance, or Human Resources to members of your Conformio account. These sections are optional and do not have to be filled to finish the step. To see detailed information about these sections, see this article.

Frequently Asked Questions:

1. Is it possible to have zero requirements? 

It is highly unlikely that any normally operational business would be able to operate without legal or regulatory requirements that need to be registered here.

2. Can I delete a requirement that is outdated, or is the contract not valid anymore?

Yes, you can delete every requirement that is not needed anymore by the company in the Register of Requirements.

3. What is the difference between legal/regulatory requirements and contractual requirements?

A legal/regulatory requirement is a stipulation that you have to comply with, specified in a law or regulation. It is typically valid for a particular country or group of countries.
A contractual requirement, on the other hand, is a requirement specified in a contract or agreement between two parties. It is specific to the terms and conditions agreed upon in the contract.

Was this article helpful?