Initial commit
This commit is contained in:
Paul Jenkins
@@ -0,0 +1,61 @@
|
||||
Title: Legal and Regulatory Obligations Register Template
|
||||
Document ID: [REG-LEGAL-001]
|
||||
Version: 0.1 Draft
|
||||
Status: Draft
|
||||
Owner: CISO (Paul Jenkins)
|
||||
Approver: CISO (Paul Jenkins)
|
||||
Classification: Internal
|
||||
Effective date: [DD Month YYYY]
|
||||
Review date: [DD Month YYYY]
|
||||
|
||||
# Legal and Regulatory Obligations Register Template
|
||||
|
||||
## Purpose
|
||||
|
||||
This template provides the structure for recording legal, regulatory, contractual, and other formal obligations relevant to the ISMS.
|
||||
|
||||
## Scope
|
||||
|
||||
This register applies to obligations affecting information security, privacy, records, supplier management, incident notification, service delivery, and other in-scope activities.
|
||||
|
||||
## Data Fields / Expected Columns
|
||||
|
||||
The register should record at least:
|
||||
|
||||
- obligation ID
|
||||
- source or requirement name
|
||||
- obligation type
|
||||
- summary of requirement
|
||||
- applicable business area
|
||||
- owner
|
||||
- jurisdiction or context
|
||||
- review frequency
|
||||
- compliance evidence reference
|
||||
- status
|
||||
- next review date
|
||||
- notes
|
||||
|
||||
## Ownership
|
||||
|
||||
This register should be owned by [Role]. Individual obligations should have accountable owners responsible for assessing applicability and maintaining evidence.
|
||||
|
||||
## Update Frequency
|
||||
|
||||
The register should be updated when new obligations are identified, existing obligations change, or review outcomes alter applicability or evidence status.
|
||||
|
||||
## Retention
|
||||
|
||||
Records should be retained in line with document and records retention requirements and any applicable legal or audit expectations.
|
||||
|
||||
## Template Table
|
||||
|
||||
| Obligation ID | Source / Requirement Name | Obligation Type | Summary of Requirement | Applicable Area | Owner | Jurisdiction / Context | Review Frequency | Evidence Reference | Status | Next Review Date | Notes |
|
||||
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
|
||||
| [L-001] | [Law / Contract / Requirement] | [Legal / Regulatory / Contractual] | [Summary] | [Area] | [Role] | [UK / Customer / Multi-jurisdiction] | [Frequency] | [Policy / record / contract] | [Applicable / Under Review / Not Applicable] | [DD Month YYYY] | [Notes] |
|
||||
|
||||
## Related Documents
|
||||
|
||||
- Privacy and Data Protection Policy
|
||||
- Records Retention and Disposal Policy
|
||||
- Breach Notification Procedure
|
||||
- Document and Records Control Standard
|
||||
Reference in New Issue
Block a user