The Register of Requirements will help you list all relevant interested parties (stakeholders) and define their expectations for your security. This will help you configure further documents and activities. This Register will become a database of all your Legal, Regulatory, and Contractual Requirements. The Register of Requirements is mandatory and references ISO 27001, Clause 4.2, and Control A.18.1.1.
Accessing the Register of Requirements
There are 2 ways to access the Register of Requirements:
- Through the Register of legal, contractual, and other requirements step in the Implementation steps;
- Through Registers and Modules.
Accessing through the Register of legal, contractual, and other requirements
Follow these steps to access the Register of Requirements:
- Go to Compliance and select Implementation steps;
- Find the Register of legal, contractual, and other requirements and click on the step or the ARROW button;
- From the step, click the Open Register button.
Accessing through Registers and Modules
Follow these steps to access the Register of Requirements:
- Click on Registers and Modules in the menu;
- Click the Go To Register button on the Register of Requirements module.
Filling out the Register of Requirements
After opening the Register, you will have to input information security legislation/regulation or service contracts for your company. This information is client-specific as legislation covers the state or authority where your business operates, and service contracts cover specific contractual obligations you have to your workers/subcontractors/service providers.
Adding Requirements
To add a new requirement, click the New Requirement button.
After clicking Add New, a selection screen will appear where you can select:
- Legal/Regulatory Requirement;
- Contractual Requirement;
- Other Requirement.
By clicking X, the option to select a new requirement will close. Quitting this screen directly by closing the website will result in the same outcome as clicking the X button.
Legal/Regulatory Requirement
In this part, the concerned parties are the state or authority in the location where your business is operating.
Selecting Legal/Regulatory Requirement in the selection menu will open an input form with several fields.
Data fields with an asterisk are mandatory – the remaining fields are optional. When you fill out all the mandatory fields, click the Save button to save the requirement.
Note: We advise that every field is completed – even optional ones.
Contractual Requirements
In this part, the concerned parties are other private or public entities operating with your company based on a specific contract, not a law or a regulation.
Selecting Contractual Requirement in the selection menu will open an input form with several fields.
Data fields with an asterisk are mandatory – the remaining fields are optional. When you fill out all the mandatory fields, click the Save button to save the requirement.
Note: We advise that every field is completed – even optional ones.
Other Requirements
Selecting Other Requirement in the selection menu will open an input form with several fields.
Data fields with an asterisk are mandatory – the remaining fields are optional. When you fill out all the mandatory fields, click the Save button to save the requirement.
Note: We advise that every field is completed – even optional ones.
The default option for all requirements within the question Are you compliant? is Non-compliant because it is assumed you will become compliant through the completion of implementation steps and implementation of controls from the Statement of Applicability.
Editing and Deleting Requirements
If you notice any errors, or if any information for a specific requirement changes, click the ARROW button or the requirement itself to open the input fields again and change the desired information. The only thing you cannot edit is the type of requirement.
If you wish to delete the requirement, you can do so by clicking the Delete button in editing mode.
Generating the List of Legal, Regulatory, and Contractual Requirements Document
After you complete all the requirements, click the Confirm Initial Requirements button, and a List of Legal, Regulatory, and Contractual Requirements document will be generated. If you need to update the document, click on the CREATE A NEW PDF LIST OF REQUIREMENTS button.
The document is available via the link in the pop-up window or under the title.
Details & Activity Section
Under the Details & Activity section, you can select the person in charge of updating the Register and how often the Register needs to be updated.
Discussions Section
The Discussions section works the same as in other documents.
Finishing Register of Legal, Contractual, and Other Requirements Step
To finish the step when all of the required fields have valid inputs, do the following:
- Go to the Implementation steps;
- Open the Register of legal, contractual and other requirements by clicking the View step button;
- Click the Finish step.
In the View step overview, you can assign Awareness, Training, Technology, Finance, or Human Resources to members of your Conformio account. These sections are optional and do not have to be filled to finish the step. To see detailed information about these sections, see this article.
Frequently Asked Questions:
1. Is it possible to have zero requirements?
It is highly unlikely that any normally operational business would be able to operate without legal or regulatory requirements that need to be registered here.
2. Can I delete a requirement that is outdated or whose contract is no longer valid?
Yes, you can delete every requirement that is not needed anymore by the company in the Register of Requirements.
3. What is the difference between legal/regulatory requirements and contractual requirements?
A legal/regulatory requirement is a stipulation that you have to comply with, specified in a law or regulation. It is typically valid for a particular country or group of countries.
A contractual requirement, on the other hand, is a requirement specified in a contract or agreement between two parties. It is specific to the terms and conditions agreed upon in the contract.