ISMS/04-registers/legal-and-regulatory-obligations-register-template.md
Paul Jenkins 5eade2d99b Initial commit
2026-03-26 09:35:22 +00:00


Title: Legal and Regulatory Obligations Register Template
Document ID: [REG-LEGAL-001]
Version: 0.1 Draft
Status: Draft
Owner: CISO (Paul Jenkins)
Approver: CISO (Paul Jenkins)
Classification: Internal
Effective date: [DD Month YYYY]
Review date: [DD Month YYYY]

Legal and Regulatory Obligations Register Template

Purpose

This template provides the structure for recording legal, regulatory, contractual, and other formal obligations relevant to the ISMS.

Scope

This register applies to obligations affecting information security, privacy, records, supplier management, incident notification, service delivery, and other in-scope activities.

Data Fields / Expected Columns

The register should record at least:

  • obligation ID
  • source or requirement name
  • obligation type
  • summary of requirement
  • applicable business area
  • owner
  • jurisdiction or context
  • review frequency
  • compliance evidence reference
  • status
  • next review date
  • notes

Ownership

This register should be owned by [Role]. Individual obligations should have accountable owners responsible for assessing applicability and maintaining evidence.

Update Frequency

The register should be updated when new obligations are identified, existing obligations change, or review outcomes alter applicability or evidence status.

Retention

Records should be retained in line with document and records retention requirements and any applicable legal or audit expectations.

Template Table

| Obligation ID | Source / Requirement Name | Obligation Type | Summary of Requirement | Applicable Area | Owner | Jurisdiction / Context | Review Frequency | Evidence Reference | Status | Next Review Date | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|
| [L-001] | [Law / Contract / Requirement] | [Legal / Regulatory / Contractual] | [Summary] | [Area] | [Role] | [UK / Customer / Multi-jurisdiction] | [Frequency] | [Policy / record / contract] | [Applicable / Under Review / Not Applicable] | [DD Month YYYY] | [Notes] |

  • Privacy and Data Protection Policy
  • Records Retention and Disposal Policy
  • Breach Notification Procedure
  • Document and Records Control Standard