Title: Legal and Regulatory Obligations Register Template
Document ID: [REG-LEGAL-001]
Version: 0.1 Draft
Status: Draft
Owner: CISO (Paul Jenkins)
Approver: CISO (Paul Jenkins)
Classification: Internal
Effective date: [DD Month YYYY]
Review date: [DD Month YYYY]

# Legal and Regulatory Obligations Register Template

## Purpose

This template provides the structure for recording legal, regulatory, contractual, and other formal obligations relevant to the ISMS.

## Scope

This register applies to obligations affecting information security, privacy, records, supplier management, incident notification, service delivery, and other in-scope activities.

## Data Fields / Expected Columns

The register should record at least:

- obligation ID
- source or requirement name
- obligation type
- summary of requirement
- applicable business area
- owner
- jurisdiction or context
- review frequency
- compliance evidence reference
- status
- next review date
- notes

## Ownership

This register should be owned by [Role]. Individual obligations should have accountable owners responsible for assessing applicability and maintaining evidence.

## Update Frequency

The register should be updated when new obligations are identified, existing obligations change, or review outcomes alter applicability or evidence status.

## Retention

Records should be retained in line with document and records retention requirements and any applicable legal or audit expectations.

## Template Table

| Obligation ID | Source / Requirement Name | Obligation Type | Summary of Requirement | Applicable Area | Owner | Jurisdiction / Context | Review Frequency | Evidence Reference | Status | Next Review Date | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| [L-001] | [Law / Contract / Requirement] | [Legal / Regulatory / Contractual] | [Summary] | [Area] | [Role] | [UK / Customer / Multi-jurisdiction] | [Frequency] | [Policy / record / contract] | [Applicable / Under Review / Not Applicable] | [DD Month YYYY] | [Notes] |

## Related Documents

- Privacy and Data Protection Policy
- Records Retention and Disposal Policy
- Breach Notification Procedure
- Document and Records Control Standard